From ff4cd806957517cdaa81ed48fe1f4f7a9ed2dfcc Mon Sep 17 00:00:00 2001 From: oech3 <79379754+oech3@users.noreply.github.com> Date: Tue, 30 Jun 2026 01:06:15 +0900 Subject: [PATCH] publish binaries with static openssl --- .github/workflows/CICD.yml | 24 ++++--------------- .github/workflows/make.yml | 13 +++++++--- .../workspace.wordlist.txt | 1 + 3 files changed, 16 insertions(+), 22 deletions(-) diff --git a/.github/workflows/CICD.yml b/.github/workflows/CICD.yml index 97c3d0c2662..7e85323ddb7 100644 --- a/.github/workflows/CICD.yml +++ b/.github/workflows/CICD.yml @@ -836,8 +836,8 @@ jobs: fail-fast: false matrix: job: - # Linux: exercises both vendored (static) and OPENSSL_NO_VENDOR=1 - # (dynamic against system libcrypto). ubuntu-latest ships libssl-dev. + # Linux: exercises OPENSSL_NO_VENDOR=1 (dynamic against system libcrypto). ubuntu-latest ships libssl-dev. + # static binaries are tested and published on make.yml - { os: ubuntu-latest, features: feat_os_unix, dynamic: true } # macOS: vendored only — system libcrypto needs OPENSSL_DIR # pointing at Homebrew, which isn't worth wiring up for a smoke test. @@ -848,7 +848,6 @@ jobs: - uses: actions/checkout@v6 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@stable - uses: taiki-e/install-action@nextest - uses: Swatinem/rust-cache@v2 - name: Run sccache-cache @@ -864,7 +863,8 @@ jobs: # from source and statically links it (mirrors how `expr` links # oniguruma). Runs the md5sum/sha*sum/cksum integration tests end-to-end # so we'd catch a wrong-digest regression, not just a type error. - - name: Test checksum utilities with OpenSSL (vendored / static) + - name: Test checksum utilities with OpenSSL (vendored) + if: matrix.job.os == 'macos-latest' shell: bash env: RUST_BACKTRACE: "1" @@ -872,23 +872,9 @@ jobs: cargo nextest run --hide-progress-bar --profile ci \ --features "${{ matrix.job.features }},openssl" \ -E 'test(/^test_(md5sum|sha1sum|sha224sum|sha256sum|sha384sum|sha512sum|cksum)::/)' - # Confirm the vendored build is actually statically linked. If this - # regresses, the `vendored` feature has stopped doing its job. - - name: Verify static linkage (vendored) + - name: Test checksum utilities with OpenSSL (dynamic) if: matrix.job.os == 'ubuntu-latest' shell: bash - run: | - cargo build --release --features "${{ matrix.job.features }},openssl" --bin coreutils - if ldd target/release/coreutils 2>&1 | grep -iE 'libssl|libcrypto'; then - echo "ERROR: coreutils dynamically links libssl/libcrypto despite vendored feature" - exit 1 - fi - echo "OK: no dynamic libssl/libcrypto linkage" - # Second linking mode: OPENSSL_NO_VENDOR=1 links dynamically against - # the system libcrypto/libssl. - - name: Test checksum utilities with OpenSSL (system / dynamic) - if: matrix.job.dynamic - shell: bash env: OPENSSL_NO_VENDOR: "1" RUST_BACKTRACE: "1" diff --git a/.github/workflows/make.yml b/.github/workflows/make.yml index b47d42e6bee..dede870455a 100644 --- a/.github/workflows/make.yml +++ b/.github/workflows/make.yml @@ -83,7 +83,7 @@ jobs: mv -t target/ target.cache/release 2>/dev/null || true - name: "`make nextest`" shell: bash - run: make nextest PROFILE=ci CARGOFLAGS="--hide-progress-bar" + run: make nextest PROFILE=ci CARGOFLAGS="--hide-progress-bar --features openssl" env: RUST_BACKTRACE: "1" - name: Upload test results to Codecov @@ -124,15 +124,22 @@ jobs: ! test -f /tmp/usr/local/share/zsh/site-functions/_install ! test -f /tmp/usr/local/share/bash-completion/completions/head.bash ! test -f /tmp/usr/local/share/fish/vendor_completions.d/cat.fish - - name: "`make install MULTICALL=n`" + - name: make install MULTICALL=n CARGOFLAGS="--features openssl" shell: bash run: | set -x - DESTDIR=/tmp/individual make PROFILE=release MULTICALL=n install + DESTDIR=/tmp/individual make PROFILE=release MULTICALL=n CARGOFLAGS="--features openssl" install # Check that *sum are present for s in {md5,b2,sha1,sha224,sha256,sha384,sha512}sum do test -e /tmp/individual/usr/local/bin/${s} done + - name: Verify static linkage (vendored) + shell: bash + run: | + if ldd target/release/cksum 2>&1 | grep -iE 'libssl|libcrypto'; then + echo "ERROR: cksum dynamically links libssl/libcrypto despite vendored feature" + exit 1 + fi - name: "`make install MULTICALL=y LN=ln -svf`" shell: bash run: | diff --git a/.vscode/cspell.dictionaries/workspace.wordlist.txt b/.vscode/cspell.dictionaries/workspace.wordlist.txt index 132217af393..95332256b51 100644 --- a/.vscode/cspell.dictionaries/workspace.wordlist.txt +++ b/.vscode/cspell.dictionaries/workspace.wordlist.txt @@ -377,6 +377,7 @@ wasm wasip statx Statx +libcrypto # * stty terminal flags brkint