Update build to include artifacts dir

ecnepsnai · ecnepsnai · commit e67577a8cecf · 2024-09-16T16:53:13.000-07:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -46,7 +46,7 @@ jobs:
     steps:
       - name: Checkout Source
         id: checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #pin v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #pin v4.1.7
       - name: Compile Framework
         id: compile
         run: |
@@ -55,27 +55,38 @@ jobs:
           echo 'trusted-key 0x216094DFD0CB81EF' >> ~/.gnupg/gpg.conf
           echo "Starting build"
           GPG_VERIFY=1 ./build-ios.sh ${{ needs.query.outputs.openssl_version }}
-          zip -r openssl.xcframework.zip openssl.xcframework/
       - name: Capture Build Errors
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #pin v4.3.3
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 #pin v4.4.0
         if: failure()
         with:
           name: build_output
           path: build/*.log
       - name: Prepare Release
         id: prepare
         run: |
-          SHASUM=$(shasum -a 256 openssl.xcframework.zip | cut -d ' ' -f1)
-          echo "framework_checksum=${SHASUM}" >> $GITHUB_OUTPUT
-          echo "::notice ::openssl.xcframework.zip checksum: ${SHASUM}"
+          zip -r openssl.xcframework.zip openssl.xcframework/
+          tar -cf openssl.tar build/openssl_*/artifacts/
+          xz openssl.tar
+          FRAMEWORK_SHASUM=$(shasum -a 256 openssl.xcframework.zip | cut -d ' ' -f1)
+          echo "framework_checksum=${FRAMEWORK_SHASUM}" >> $GITHUB_OUTPUT
+          echo "::notice ::openssl.xcframework.zip checksum: ${FRAMEWORK_SHASUM}"
+          BUILD_SHASUM=$(shasum -a 256 openssl.tar.xz | cut -d ' ' -f1)
+          echo "build_checksum=${BUILD_SHASUM}" >> $GITHUB_OUTPUT
+          echo "::notice ::openssl.tar.xz checksum: ${BUILD_SHASUM}"
           echo "-----BEGIN EC PRIVATE KEY-----" >> private_key.pem
           echo '${{ secrets.SIGNING_KEY }}' >> private_key.pem
           echo "-----END EC PRIVATE KEY-----" >> private_key.pem
           openssl dgst -sign private_key.pem -sha256 -out openssl.xcframework.zip.sig openssl.xcframework.zip
+          openssl dgst -sign private_key.pem -sha256 -out openssl.tar.xz.sig openssl.tar.xz
           rm -f private_key.pem
       - name: Make Release
         id: release
         run: |
-          gh release create -n 'openssl.xcframework.zip SHA-256 `${{ steps.prepare.outputs.framework_checksum }}`' -t "${{ needs.query.outputs.openssl_version }}" ${{ needs.query.outputs.openssl_version }} openssl.xcframework.zip openssl.xcframework.zip.sig
+          echo '**Checksums:**' > release.md
+          echo '|File Name|SHA-256 Checksum|' >> release.md
+          echo '|-|-|' >> release.md
+          echo '|`openssl.xcframework.zip`|`${{ steps.prepare.outputs.framework_checksum }}`|' >> release.md
+          echo '|`openssl.tar.xz`|`${{ steps.prepare.outputs.build_checksum }}`|' >> release.md
+          gh release create --notes-file release.md -t "${{ needs.query.outputs.openssl_version }}" ${{ needs.query.outputs.openssl_version }} openssl.xcframework.zip openssl.xcframework.zip.sig openssl.tar.xz openssl.tar.xz.sig
         env:
           GH_TOKEN: ${{ github.token }}
diff --git a/.gitignore b/.gitignore
@@ -3,5 +3,7 @@ build/
 *.xcframework/
 *.tar.gz
 *.tar.gz.asc
+*.tar.xz
+*.tar.xz.asc
 *.zip
 *.zip.sig
diff --git a/README.md b/README.md
@@ -27,6 +27,10 @@ Use the included build script to compile a specific version or customize the con
 ./build-ios.sh <openssl version> [optional configure parameters]
 ```
 
+To enable signature verification of downloaded artifacts set the `GPG_VERIFY` environment variable to `1`.
+
+If you are building for use with a Swift package, you need to set the `WITH_MODULE_MAP` environment variable to `1`.
+
 The following config parameters are always provided: `-no-shared`, `-no-ui-console`, `-no-tests`, `-no-stdio`, `-no-threads`, `-no-legacy`, `-no-ssl2`, `-no-ssl3`, `-no-asm`, `-no-weak-ssl-ciphers`.
 
 ## Export Compliance
diff --git a/build-ios.sh b/build-ios.sh
@@ -18,14 +18,14 @@ ARCHIVE=openssl-${VERSION}.tar.gz
 if [ ! -f ${ARCHIVE} ]; then
     echo "Downloading openssl ${VERSION}..."
     curl -L "https://github.com/openssl/openssl/releases/download/openssl-${VERSION}/openssl-${VERSION}.tar.gz" > "${ARCHIVE}"
-fi
 
-if [ ! -z "${GPG_VERIFY}" ]; then
-    echo "Verifying signature for openssl-${VERSION}.tar.gz..."
-    rm -f "${ARCHIVE}.asc"
-    curl -L "https://github.com/openssl/openssl/releases/download/openssl-${VERSION}/openssl-${VERSION}.tar.gz.asc" > "${ARCHIVE}.asc"
-    gpg --verify "${ARCHIVE}.asc" "${ARCHIVE}"
-    echo "Verified signature for openssl-${VERSION}.tar.gz successfully!"
+    if [ ! -z "${GPG_VERIFY}" ]; then
+        echo "Verifying signature for openssl-${VERSION}.tar.gz..."
+        rm -f "${ARCHIVE}.asc"
+        curl -L "https://github.com/openssl/openssl/releases/download/openssl-${VERSION}/openssl-${VERSION}.tar.gz.asc" > "${ARCHIVE}.asc"
+        gpg --verify "${ARCHIVE}.asc" "${ARCHIVE}"
+        echo "Verified signature for ${ARCHIVE} successfully!"
+    fi
 fi
 
 ###########
@@ -68,6 +68,9 @@ function build() {
     make -j $(sysctl -n hw.logicalcpu_max) >> "${LOG}" 2>&1
     make install >> "${LOG}" 2>&1
 
+    # Deprecated file (openssl should just remove it)
+    rm artifacts/include/openssl/asn1_mac.h
+
     cd ../
 }
 
@@ -118,6 +121,23 @@ cp -r ${BUILDDIR}/openssl_arm64-iphoneos/artifacts/include/openssl/*.h ${BUILDDI
 libtool -no_warning_for_no_symbols -static -o ${BUILDDIR}/iphonesimulator/openssl.framework/openssl ${BUILDDIR}/libssl.a ${BUILDDIR}/libcrypto.a
 cp -r ${BUILDDIR}/openssl_arm64-iphonesimulator/artifacts/include/openssl/*.h ${BUILDDIR}/iphonesimulator/openssl.framework/Headers
 
+# Inject a module map so Swift can consume this
+function make_modulemap {
+    PLATFORM=${1}
+    mkdir -p ${BUILDDIR}/${PLATFORM}/openssl.framework/Modules
+    echo "framework module OpenSSL {" > ${BUILDDIR}/${PLATFORM}/openssl.framework/Modules/module.modulemap
+    for HEADER in $(ls ${BUILDDIR}/${PLATFORM}/openssl.framework/Headers); do
+        echo "    header \"${HEADER}\"" >> ${BUILDDIR}/${PLATFORM}/openssl.framework/Modules/module.modulemap
+    done
+    echo "    export *" >> ${BUILDDIR}/${PLATFORM}/openssl.framework/Modules/module.modulemap
+    echo "}" >> ${BUILDDIR}/${PLATFORM}/openssl.framework/Modules/module.modulemap
+}
+
+if [ ! -z "${WITH_MODULE_MAP}" ]; then
+    make_modulemap iphoneos
+    make_modulemap iphonesimulator
+fi
+
 rm -rf openssl.xcframework
 xcodebuild -create-xcframework \
     -framework ${BUILDDIR}/iphoneos/openssl.framework \
