diff --git a/recipe/activate.bat b/recipe/activate.bat
new file mode 100644
index 0000000..b070ac4
--- /dev/null
+++ b/recipe/activate.bat
@@ -0,0 +1,4 @@
+if "%SSL_CERT_FILE%"=="" (
+ set SSL_CERT_FILE=%CONDA_PREFIX%\Library\ssl\cacert.pem
+ set __CONDA_OPENSLL_CERT_FILE_SET="1"
+)
diff --git a/recipe/activate.ps1 b/recipe/activate.ps1
new file mode 100644
index 0000000..41d91f6
--- /dev/null
+++ b/recipe/activate.ps1
@@ -0,0 +1,4 @@
+if (-not $Env:SSL_CERT_FILE) {
+ $Env:SSL_CERT_FILE = "$Env:CONDA_PREFIX\Library\ssl\cacert.pem"
+ $Env:__CONDA_OPENSLL_CERT_FILE_SET = "1"
+}
diff --git a/recipe/activate.sh b/recipe/activate.sh
new file mode 100644
index 0000000..7c7dcf5
--- /dev/null
+++ b/recipe/activate.sh
@@ -0,0 +1,4 @@
+if [[ "$SSL_CERT_FILE" == "" ]]; then
+ export SSL_CERT_FILE="${CONDA_PREFIX}\\Library\ssl\\cacert.pem"
+ export __CONDA_OPENSLL_CERT_FILE_SET="1"
+fi
diff --git a/recipe/bld.bat b/recipe/bld.bat
index 64effae..ca50816 100644
--- a/recipe/bld.bat
+++ b/recipe/bld.bat
@@ -1,3 +1,5 @@
+setlocal EnableDelayedExpansion
+
 if "%ARCH%"=="32" (
 set OSSL_CONFIGURE=VC-WIN32
 ) ELSE (
@@ -14,6 +16,8 @@ REM write permissions to limit the risk of non-privileged users exploiting
 REM OpenSSL's engines feature to perform arbitrary code execution attacks
 REM against applications that load the OpenSSL DLLs.
 REM
+REM On top of that, we also set the SSL_CERT_FILE environment variable
+REM via an activation script to point to the ca-certificates provided CA root file.
 set PERL=%BUILD_PREFIX%\Library\bin\perl
 %BUILD_PREFIX%\Library\bin\perl configure %OSSL_CONFIGURE% ^
 --prefix=%LIBRARY_PREFIX% ^
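Review bot: `set __CONDA_OPENSLL_CERT_FILE_SET="1"` in activate.bat stores the quotes as part of the value in cmd.exe, so the guard in deactivate.bat (`if "%__CONDA_OPENSLL_CERT_FILE_SET%" == "1"`) expands to `""1"" == "1"` and looks like it can never match. SSL_CERT_FILE would then survive deactivation, and the next environment activated in the same session keeps trusting the previous environment's CA bundle because its own guard sees a non-empty value. Writing the assignments as `set "SSL_CERT_FILE=%CONDA_PREFIX%\Library\ssl\cacert.pem"` and `set "__CONDA_OPENSLL_CERT_FILE_SET=1"` fixes that and also keeps a `)` in the prefix path from closing the `if (` block early. The marker name is spelled OPENSLL here and in the other five activate/deactivate scripts; it is consistent, so it works, but renaming it to OPENSSL before release avoids baking the typo into user environments.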
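Review bot: Nothing in activate.ps1 checks that `$Env:CONDA_PREFIX\Library\ssl\cacert.pem` exists before exporting it, and activate.bat and activate.sh have the same gap. If the bundle is missing (the dependency that ships it is not visible in this diff), OpenSSL clients in the environment that rely on the default verify paths would presumably fail certificate verification with an error that does not point back to this script. Guarding the assignment, e.g. `if (-not $Env:SSL_CERT_FILE -and (Test-Path "$Env:CONDA_PREFIX\Library\ssl\cacert.pem")) {`, keeps activation from pointing at a file that is not there.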
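Review bot: `[[ "$SSL_CERT_FILE" == "" ]]` in activate.sh runs inside the user's own shell, so it fails under `set -u` when the variable is unset and is a syntax error in shells without `[[`; deactivate.sh tests `$__CONDA_OPENSLL_CERT_FILE_SET` the same way. `if [ -z "${SSL_CERT_FILE:-}" ]; then` here, and `if [ "${__CONDA_OPENSLL_CERT_FILE_SET:-}" = "1" ]; then` in deactivate.sh, cover both cases. The path literal also mixes `\\` with a bare `\s`; it yields single backslashes today only because `\s` is not an escape inside double quotes, and `"${CONDA_PREFIX}\\Library\\ssl\\cacert.pem"` makes that intentional.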
@@ -63,3 +67,13 @@ rem copy out32dll\ssleay32.dll %LIBRARY_BIN%\ssleay32.dll
 rem copy out32dll\libeay32.dll %LIBRARY_BIN%\libeay32.dll
 rem mkdir %LIBRARY_INC%\openssl
 rem xcopy /S inc32\openssl\*.* %LIBRARY_INC%\openssl\
+
+:: Copy the [de]activate scripts to %PREFIX%\etc\conda\[de]activate.d.
+:: This will allow them to be run on environment activation.
+for %%F in (activate deactivate) DO (
+ if not exist %PREFIX%\etc\conda\%%F.d mkdir %PREFIX%\etc\conda\%%F.d
+ copy "%RECIPE_DIR%\%%F.bat" "%PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.bat"
+ copy "%RECIPE_DIR%\%%F.ps1" "%PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.ps1"
+ :: Copy unix shell activation scripts, needed by Windows Bash users
+ copy "%RECIPE_DIR%\%%F.sh" "%PREFIX%\etc\conda\%%F.d\%PKG_NAME%_%%F.sh"
+)
diff --git a/recipe/deactivate.bat b/recipe/deactivate.bat
new file mode 100644
index 0000000..5cb3d20
--- /dev/null
+++ b/recipe/deactivate.bat
@@ -0,0 +1,4 @@
+if "%__CONDA_OPENSLL_CERT_FILE_SET%" == "1" (
+ set SSL_CERT_FILE=
+ set __CONDA_OPENSLL_CERT_FILE_SET=
+)
diff --git a/recipe/deactivate.ps1 b/recipe/deactivate.ps1
new file mode 100644
index 0000000..2fd22a8
--- /dev/null
+++ b/recipe/deactivate.ps1
@@ -0,0 +1,4 @@
+if ($Env:__CONDA_OPENSLL_CERT_FILE_SET -eq "1") {
+ Remove-Item -Path Env:\SSL_CERT_FILE
+ Remove-Item -Path Env:\__CONDA_OPENSLL_CERT_FILE_SET
+}
diff --git a/recipe/deactivate.sh b/recipe/deactivate.sh
new file mode 100644
index 0000000..ba24c27
--- /dev/null
+++ b/recipe/deactivate.sh
@@ -0,0 +1,4 @@
+if [[ "$__CONDA_OPENSLL_CERT_FILE_SET" == "1" ]]; then
+ unset SSL_CERT_FILE
+ unset __CONDA_OPENSLL_CERT_FILE_SET
+fi
diff --git a/recipe/meta.yaml b/recipe/meta.yaml
index 1b63f22..d01dd36 100644
--- a/recipe/meta.yaml
+++ b/recipe/meta.yaml
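Review bot: None of the three `copy` commands in the new `for` loop at the end of bld.bat is checked, so a missing or misnamed script leaves the package built without its activation hook while the build still succeeds. Add `if errorlevel 1 exit 1` after each `copy` and after the `mkdir`. The `if not exist` line also leaves `%PREFIX%\etc\conda\%%F.d` unquoted while the `copy` lines quote the same path, so a prefix containing spaces would break only that line; quoting both occurrences fixes it. The `::` comment inside the parenthesised block is safer written as `REM`, since `::` is parsed as a label and is known to misbehave inside `( )` blocks.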
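Review bot: `Remove-Item -Path Env:\SSL_CERT_FILE` in deactivate.ps1 raises an item-not-found error if the user already cleared the variable during the session, and under `$ErrorActionPreference = 'Stop'` that would abort before the marker is removed. Adding `-ErrorAction SilentlyContinue` to both `Remove-Item` calls keeps deactivation idempotent. All three deactivate scripts also clear SSL_CERT_FILE whenever the marker is set, even if the user re-pointed it after activation; comparing against the value the activate script wrote would avoid discarding that choice.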
@@ -9,7 +9,7 @@ source: url: https://www.openssl.org/source/{{ name }}-{{ version }}.tar.gz sha256: 1761d4f5b13a1028b9b6f3d4b8e17feb0cedc9370f6afe61d7193d2cdce83323 build: - number: 0 + number: 1 no_link: lib/libcrypto.so.3.0 # [linux] no_link: lib/libcrypto.3.0.dylib # [osx] has_prefix_files: # [unix] @@ -39,16 +39,15 @@ requirements: test: requires: - - certifi # [win] - python 3.8 - - six commands: - copy NUL checksum.txt # [win] - touch checksum.txt # [unix] - openssl sha256 checksum.txt - openssl ecparam -name prime256v1 - - python -c "from six.moves import urllib; urllib.request.urlopen('https://pypi.org')" # [unix] - - python -c "import certifi; import ssl; import urllib.request as urlrq; urlrq.urlopen('https://pypi.org', context=ssl.create_default_context(cafile=certifi.where()))" # [win] + - if "%SSL_CERT_FILE%"=="" exit 1 # [win] + - if not exist "%SSL_CERT_FILE%" exit 1 # [win] + - python -c "import urllib.request; urllib.request.urlopen('https://pypi.org')" about: home: https://www.openssl.org/
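Review bot: The two new `# [win]` checks in the meta.yaml test commands pass whenever SSL_CERT_FILE is non-empty and names an existing file, so a value inherited from the build machine would satisfy them without the activation script having run. Comparing against the expected location, e.g. `- if not "%SSL_CERT_FILE%"=="%CONDA_PREFIX%\Library\ssl\cacert.pem" exit 1  # [win]`, ties the test to this package's script (assuming CONDA_PREFIX is the test prefix at that point). Nothing here exercises deactivation either, so a deactivate script that fails to clear the variable would go unnoticed.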