forked from curl/curl-for-win
-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
_dl.sh
executable file
·213 lines (189 loc) · 9.36 KB
/
_dl.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
#!/bin/sh -x
# Copyright 2015-2020 Viktor Szakats <https://vsz.me/>
# See LICENSE.md
export ZLIB_VER_='1.2.11'
export ZLIB_HASH=629380c90a77b964d896ed37163f5c3a34f6e6d897311f1df2a7016355c45eff
export LIBHSTS_VER_='0.1.0'
export LIBHSTS_HASH=e1125e0395b4777361eafafd61fff2b516d3f2fb57d56e40cb554a6cd8c024e0
export BROTLI_VER_='1.0.7'
export BROTLI_HASH=4c61bfb0faca87219ea587326c467b95acb25555b53d1a421ffa3c8a9296ee2c
export LIBIDN2_VER_='2.3.0'
export LIBIDN2_HASH=e1cb1db3d2e249a6a3eb6f0946777c2e892d5c5dc7bd91c74394fc3a01cab8b5
export NGHTTP2_VER_='1.40.0'
export NGHTTP2_HASH=09fc43d428ff237138733c737b29fb1a7e49d49de06d2edbed3bc4cdcee69073
export CARES_VER_='1.16.0'
export CARES_HASH=de058ad7c128156e2db6dc98b8a359924d6f210a1b99dd36ba15c8f839a83a89
export OPENSSL_VER_='1.1.1f'
export OPENSSL_HASH=186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35
export LIBSSH2_VER_='1.9.0'
export LIBSSH2_HASH=d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd
export CURL_VER_='7.69.1'
export CURL_HASH=03c7d5e6697f7b7e40ada1b2256e565a555657398e6c1fcfa4cb251ccd819d4f
export OSSLSIGNCODE_VER_='1.7.1'
export OSSLSIGNCODE_HASH=f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9
# Create revision string
# NOTE: Set _REV to empty after bumping CURL_VER_, and
# set it to 1 then increment by 1 each time bumping a dependency
# version or pushing a CI rebuild for the master branch.
export _REV='1'
[ -z "${_REV}" ] || _REV="_${_REV}"
echo "Build: REV(${_REV})"
# Quit if any of the lines fail
set -e
# Detect host OS
case "$(uname)" in
*_NT*) os='win';;
Linux*) os='linux';;
Darwin*) os='mac';;
*BSD) os='bsd';;
esac
# Install required component
# TODO: add `--progress-bar off` when pip 10.0.0 is available
if [ "${os}" != 'win' ]; then
pip3 --version
pip3 --disable-pip-version-check install --user pefile
fi
alias curl='curl -fsS --connect-timeout 15 -m 20 --retry 3'
alias gpg='gpg --batch --keyserver-options timeout=15 --keyid-format LONG'
gpg_recv_key() {
# https://keys.openpgp.org/about/api
req="pks/lookup?op=get&options=mr&exact=on&search=0x$1"
# curl "https://keys.openpgp.org/${req}" | gpg --import --status-fd 1 || \
curl "https://pgpkeys.eu/${req}" | gpg --import --status-fd 1 || \
curl "https://keyserver.ubuntu.com/${req}" | gpg --import --status-fd 1
}
gpg --version | grep gpg
if [ "${_BRANCH#*dev*}" != "${_BRANCH}" ]; then
_patsuf='.dev'
elif [ "${_BRANCH#*master*}" = "${_BRANCH}" ]; then
_patsuf='.test'
else
_patsuf=''
fi
# zlib
curl -o pack.bin -L --proto-redir =https "https://github.com/madler/zlib/archive/v${ZLIB_VER_}.tar.gz" || exit 1
openssl dgst -sha256 pack.bin | grep -q "${ZLIB_HASH}" || exit 1
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r zlib && mv zlib-* zlib
[ -f "zlib${_patsuf}.patch" ] && dos2unix < "zlib${_patsuf}.patch" | patch --batch -N -p1 -d zlib
# Relatively high curl binary size + extra dependency overhead aiming mostly
# to optimize webpage download sizes, so allow to disable it.
if [ "${_BRANCH#*nobrotli*}" = "${_BRANCH}" ]; then
# brotli
curl -o pack.bin -L --proto-redir =https "https://github.com/google/brotli/archive/v${BROTLI_VER_}.tar.gz" || exit 1
openssl dgst -sha256 pack.bin | grep -q "${BROTLI_HASH}" || exit 1
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r brotli && mv brotli-* brotli
[ -f "brotli${_patsuf}.patch" ] && dos2unix < "brotli${_patsuf}.patch" | patch --batch -N -p1 -d brotli
fi
# nghttp2
curl -o pack.bin -L --proto-redir =https "https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VER_}/nghttp2-${NGHTTP2_VER_}.tar.xz" || exit 1
openssl dgst -sha256 pack.bin | grep -q "${NGHTTP2_HASH}" || exit 1
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r nghttp2 && mv nghttp2-* nghttp2
[ -f "nghttp2${_patsuf}.patch" ] && dos2unix < "nghttp2${_patsuf}.patch" | patch --batch -N -p1 -d nghttp2
# This significantly increases curl binary sizes, so leave it optional.
if [ "${_BRANCH#*libidn2*}" != "${_BRANCH}" ]; then
# libidn2
curl \
-o pack.bin "https://ftp.gnu.org/gnu/libidn/libidn2-${LIBIDN2_VER_}.tar.gz" \
-o pack.sig "https://ftp.gnu.org/gnu/libidn/libidn2-${LIBIDN2_VER_}.tar.gz.sig" || exit 1
curl 'https://ftp.gnu.org/gnu/gnu-keyring.gpg' \
| gpg -q --import 2>/dev/null
gpg --verify-options show-primary-uid-only --verify pack.sig pack.bin || exit 1
openssl dgst -sha256 pack.bin | grep -q "${LIBIDN2_HASH}" || exit 1
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r libidn2 && mv libidn2-* libidn2
fi
if [ "${_BRANCH#*cares*}" != "${_BRANCH}" ]; then
# c-ares
if [ "${_BRANCH#*dev*}" != "${_BRANCH}" ]; then
CARES_VER_='1.13.1-dev'
curl -o pack.bin -L --proto-redir =https https://github.com/c-ares/c-ares/archive/611a5ef938c2ca92beb51f455323cda4d40119f7.tar.gz || exit 1
else
curl \
-o pack.bin -L --proto-redir =https "https://github.com/c-ares/c-ares/releases/download/cares-$(echo "${CARES_VER_}" | tr '.' '_')/c-ares-${CARES_VER_}.tar.gz" \
-o pack.sig -L --proto-redir =https "https://github.com/c-ares/c-ares/releases/download/cares-$(echo "${CARES_VER_}" | tr '.' '_')/c-ares-${CARES_VER_}.tar.gz.asc" || exit 1
gpg_recv_key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
gpg --verify-options show-primary-uid-only --verify pack.sig pack.bin || exit 1
openssl dgst -sha256 pack.bin | grep -q "${CARES_HASH}" || exit 1
fi
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r c-ares && mv c-ares-* c-ares
[ -f "c-ares${_patsuf}.patch" ] && dos2unix < "c-ares${_patsuf}.patch" | patch --batch -N -p1 -d c-ares
fi
# openssl
if [ "${_BRANCH#*dev*}" != "${_BRANCH}" ]; then
OPENSSL_VER_='1.1.1-pre1'
curl -o pack.bin -L --proto-redir =https https://www.openssl.org/source/openssl-1.1.1-pre1.tar.gz || exit 1
else
curl \
-o pack.bin "https://www.openssl.org/source/openssl-${OPENSSL_VER_}.tar.gz" \
-o pack.sig "https://www.openssl.org/source/openssl-${OPENSSL_VER_}.tar.gz.asc" || exit 1
# From:
# https://www.openssl.org/source/
# https://www.openssl.org/community/omc.html
gpg_recv_key 8657ABB260F056B1E5190839D9C4D26D0E604491
gpg_recv_key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
gpg --verify-options show-primary-uid-only --verify pack.sig pack.bin || exit 1
openssl dgst -sha256 pack.bin | grep -q "${OPENSSL_HASH}" || exit 1
fi
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r openssl && mv openssl-* openssl
[ -f "openssl${_patsuf}.patch" ] && dos2unix < "openssl${_patsuf}.patch" | patch --batch -N -p1 -d openssl
# libssh2
if [ "${_BRANCH#*dev*}" != "${_BRANCH}" ]; then
LIBSSH2_VER_='1.9.1-dev'
curl -o pack.bin -L --proto-redir =https https://github.com/libssh2/libssh2/archive/53ff2e6da450ac1801704b35b3360c9488161342.tar.gz || exit 1
else
curl \
-o pack.bin -L --proto-redir =https "https://github.com/libssh2/libssh2/releases/download/libssh2-${LIBSSH2_VER_}/libssh2-${LIBSSH2_VER_}.tar.gz" \
-o pack.sig -L --proto-redir =https "https://github.com/libssh2/libssh2/releases/download/libssh2-${LIBSSH2_VER_}/libssh2-${LIBSSH2_VER_}.tar.gz.asc" || exit 1
gpg_recv_key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
gpg --verify-options show-primary-uid-only --verify pack.sig pack.bin || exit 1
openssl dgst -sha256 pack.bin | grep -q "${LIBSSH2_HASH}" || exit 1
fi
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r libssh2 && mv libssh2-* libssh2
[ -f "libssh2${_patsuf}.patch" ] && dos2unix < "libssh2${_patsuf}.patch" | patch --batch -N -p1 -d libssh2
# curl
if [ "${_BRANCH#*dev*}" != "${_BRANCH}" ]; then
CURL_VER_='7.59.0-dev'
curl -o pack.bin -L --proto-redir =https https://github.com/curl/curl/archive/63f6b3b22077c6fd4a75ce4ceac7258509af412c.tar.gz || exit 1
else
curl \
-o pack.bin -L --proto-redir =https "https://github.com/curl/curl/releases/download/curl-$(echo "${CURL_VER_}" | tr '.' '_')/curl-${CURL_VER_}.tar.xz" \
-o pack.sig -L --proto-redir =https "https://github.com/curl/curl/releases/download/curl-$(echo "${CURL_VER_}" | tr '.' '_')/curl-${CURL_VER_}.tar.xz.asc" || exit 1
gpg_recv_key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
gpg --verify-options show-primary-uid-only --verify pack.sig pack.bin || exit 1
openssl dgst -sha256 pack.bin | grep -q "${CURL_HASH}" || exit 1
fi
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r curl && mv curl-* curl
[ -f "curl${_patsuf}.patch" ] && dos2unix < "curl${_patsuf}.patch" | patch --batch -N -p1 -d curl
# libhsts
curl \
-o pack.bin "https://gitlab.com/rockdaboot/libhsts/uploads/4753f61b5a3c6253acf4934217816e3f/libhsts-${LIBHSTS_VER_}.tar.gz" || exit 1
openssl dgst -sha256 pack.bin | grep -q "${LIBHSTS_HASH}" || exit 1
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r libhsts && mv libhsts-* libhsts
[ -f "libhsts${_patsuf}.patch" ] && dos2unix < "libhsts${_patsuf}.patch" | patch --batch -N -p1 -d libhsts
# osslsigncode
# NOTE: "https://github.com/mtrojnar/osslsigncode/archive/${OSSLSIGNCODE_VER_}.tar.gz"
curl -o pack.bin -L --proto-redir =https "https://deb.debian.org/debian/pool/main/o/osslsigncode/osslsigncode_${OSSLSIGNCODE_VER_}.orig.tar.gz" || exit 1
openssl dgst -sha256 pack.bin | grep -q "${OSSLSIGNCODE_HASH}" || exit 1
tar -xvf pack.bin >/dev/null 2>&1 || exit 1
rm pack.bin
rm -f -r osslsigncode && mv osslsigncode-* osslsigncode
[ -f 'osslsigncode.patch' ] && dos2unix < 'osslsigncode.patch' | patch --batch -N -p1 -d osslsigncode
set +e
rm -f pack.bin pack.sig