diff --git a/cryptography-linux/Dockerfile b/cryptography-linux/Dockerfile index f569b74..d3d7f51 100644 --- a/cryptography-linux/Dockerfile +++ b/cryptography-linux/Dockerfile @@ -29,7 +29,6 @@ RUN \ COPY --from=staticnodejs /out/ /staticnode/ ADD install_openssl.sh /root/install_openssl.sh ADD openssl-version.sh /root/openssl-version.sh -ADD list-util-pairs-25367.patch /root/list-util-pairs-25367.patch RUN ./install_openssl.sh RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain stable --profile minimal diff --git a/cryptography-linux/install_openssl.sh b/cryptography-linux/install_openssl.sh index 5ad7e71..61c9e19 100755 --- a/cryptography-linux/install_openssl.sh +++ b/cryptography-linux/install_openssl.sh @@ -8,10 +8,6 @@ curl -#LO "${OPENSSL_URL}/${OPENSSL_VERSION}/${OPENSSL_VERSION}.tar.gz" echo "${OPENSSL_SHA256} ${OPENSSL_VERSION}.tar.gz" | sha256sum -c - tar zxf ${OPENSSL_VERSION}.tar.gz pushd ${OPENSSL_VERSION} -# Patch to work around OpenSSL 3.3.2 requiring a newer perl than manylinux2014 -if [ -f /etc/redhat-release ] && grep -q "CentOS Linux release 7" /etc/redhat-release; then - git apply ../list-util-pairs-25367.patch -fi ./config $OPENSSL_BUILD_FLAGS --prefix=/opt/pyca/cryptography/openssl --openssldir=/opt/pyca/cryptography/openssl make depend make -j4 diff --git a/cryptography-linux/list-util-pairs-25367.patch b/cryptography-linux/list-util-pairs-25367.patch deleted file mode 100644 index 7ff7fff..0000000 --- a/cryptography-linux/list-util-pairs-25367.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/util/mkinstallvars.pl b/util/mkinstallvars.pl -index 52a3d607bd..b67a1c477f 100644 ---- a/util/mkinstallvars.pl -+++ b/util/mkinstallvars.pl -@@ -10,8 +10,14 @@ - # form, or passed as variable assignments on the command line. - # The result is a Perl module creating the package OpenSSL::safe::installdata. - -+use 5.10.0; -+use strict; -+use warnings; -+use Carp; -+ - use File::Spec; --use List::Util qw(pairs); -+#use List::Util qw(pairs); -+sub _pairs (@); - - # These are expected to be set up as absolute directories - my @absolutes = qw(PREFIX libdir); -@@ -19,9 +25,9 @@ my @absolutes = qw(PREFIX libdir); - # as subdirectories to PREFIX or LIBDIR. The order of the pairs is important, - # since the LIBDIR subdirectories depend on the calculation of LIBDIR from - # PREFIX. --my @subdirs = pairs (PREFIX => [ qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR) ], -- LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR -- CMAKECONFIGDIR) ]); -+my @subdirs = _pairs (PREFIX => [ qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR) ], -+ LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR -+ CMAKECONFIGDIR) ]); - # For completeness, other expected variables - my @others = qw(VERSION LDLIBS); - -@@ -151,3 +157,17 @@ our \@LDLIBS = - - 1; - _____ -+ -+######## Helpers -+ -+sub _pairs (@) { -+ croak "Odd number of arguments" if @_ & 1; -+ -+ my @pairlist = (); -+ -+ while (@_) { -+ my $x = [ shift, shift ]; -+ push @pairlist, $x; -+ } -+ return @pairlist; -+} diff --git a/cryptography-linux/openssl-version.sh b/cryptography-linux/openssl-version.sh index 12ba671..048d8a3 100644 --- a/cryptography-linux/openssl-version.sh +++ b/cryptography-linux/openssl-version.sh @@ -1,5 +1,5 @@ -export OPENSSL_VERSION="openssl-3.3.2" -export OPENSSL_SHA256="2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281" +export OPENSSL_VERSION="openssl-3.4.0" +export OPENSSL_SHA256="e15dda82fe2fe8139dc2ac21a36d4ca01d5313c75f99f46c4e8a27709b7294bf" # We need a base set of flags because on Windows using MSVC # enable-ec_nistp_64_gcc_128 doesn't work since there's no 128-bit type export OPENSSL_BUILD_FLAGS_WINDOWS="no-ssl3 no-ssl3-method no-zlib no-shared no-module no-comp no-dynamic-engine no-apps no-docs no-sm2-precomp no-atexit"