curl-ca-certs (#121)

pkgxdev · Sep 7, 2022 · 5a30698 · 5a30698
1 parent f92b037
commit 5a30698
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 8 deletions.
diff --git a/projects/curl.se/package.yml b/projects/curl.se/package.yml
@@ -14,8 +14,13 @@ build:
     tea.xyz/gx/cc: c99
     tea.xyz/gx/make: '*'
   script: |
-    ./configure --prefix={{prefix}} --with-openssl
+    ./configure $ARGS
     make --jobs {{ hw.concurrency }} install
+  env:
+    ARGS:
+    - --prefix={{prefix}}
+    - --with-openssl
+    - --with-ca-fallback  # uses openssl’s certs (which we control)
   test:
     make test
 

diff --git a/projects/openssl.org/package.yml b/projects/openssl.org/package.yml
@@ -17,15 +17,21 @@ build:
     tea.xyz/gx/cc: c99
     tea.xyz/gx/make: '*'
     perl.org: 5
-    curl.se: '*'
+    curl.se: '*'  # to download ca-certs on linux
   script: |
     ./Configure --prefix={{ prefix }} $ARCH no-tests
     make --jobs {{ hw.concurrency }}
     make install_sw  # `_sw` avoids installing docs
 
-    #TODO needs to be a curl.se/pkg that gets updates
-    mkdir -p "$CERTDIR"
-    curl https://curl.se/ca/cacert-2022-07-19.pem -o "$CERTDIR"/cert.pem
+    if test {{hw.platform}} = darwin; then
+      # use Apple’s certs ∵ they are very incentivized to get this right
+      rm -f "$CERTDIR"  # for building over the top FIXME DESTDIR for all
+      ln -sf /etc/ssl "$CERTDIR"
+    else
+      #FIXME needs to be a curl.se/ca-certs that gets updates
+      mkdir -p "$CERTDIR"
+      curl https://curl.se/ca/cacert-2022-07-19.pem -o "$CERTDIR"/cert.pem
+    fi
   env:
     CERTDIR: ${{prefix}}/ssl
     darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}

diff --git a/scripts/deps.ts b/scripts/deps.ts
@@ -0,0 +1,47 @@
+#!/usr/bin/env -S tea -E
+
+/*---
+args:
+  - deno
+  - run
+  - --allow-read
+  - --allow-env
+  - --import-map={{ srcroot }}/import-map.json
+---*/
+
+import { PackageRequirement, parsePackageRequirement } from "types"
+import usePantry from "hooks/usePantry.ts"
+import useFlags from "hooks/useFlags.ts"
+import hydrate from "prefab/hydrate.ts"
+
+const pantry = usePantry()
+
+useFlags()
+
+const mode: 'build' | 'install' = Deno.args.includes("-b") ? 'build' : 'install'
+const get_deps = async (pkg: PackageRequirement) => {
+  const deps = await pantry.getDeps(pkg)
+  switch (mode) {
+  case 'build':
+    return [...deps.build, ...deps.runtime]
+  case 'install':
+    return deps.runtime
+  }
+}
+
+const dry = Deno.args.compactMap(arg => !arg.startsWith('-') && parsePackageRequirement(arg))
+const explicit = new Set(dry.map(x=>x.project))
+const wet = await hydrate(dry, get_deps)
+const gas = wet.pkgs.compactMap(({project}) => {
+  if (Deno.args.includes('-i')) {
+    return project
+  } else {
+    return explicit.has(project) || project
+  }
+})
+
+if (Deno.env.get("GITHUB_ACTIONS")) {
+  console.log(`::set-output name=pkgs::${gas.join(" ")}\n`)
+} else {
+  console.log(gas.join("\n"))
+}
diff --git a/scripts/filter.ts b/scripts/filter.ts
@@ -4,10 +4,7 @@
 args:
   - deno
   - run
-  - --allow-net
-  - --allow-run
   - --allow-read
-  - --allow-write
   - --allow-env
   - --import-map={{ srcroot }}/import-map.json
 ---*/

diff --git a/scripts/repair.ts b/scripts/repair.ts
@@ -0,0 +1,23 @@
+#!/usr/bin/env -S tea -E
+
+/*
+---
+args:
+  - deno
+  - run
+  - --allow-net
+  - --allow-read=/opt
+  - --allow-write=/opt
+  - --allow-run  # uses `/bin/ln`
+  - --import-map={{ srcroot }}/import-map.json
+---
+*/
+
+import repairLinks from "prefab/repair-links.ts"
+import { print } from "utils"
+
+print("this because otherwise console.verbose is not defined lol")
+
+for (const project of Deno.args) {
+  await repairLinks(project)
+}