git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

CI: log downloaded file hashes, pin manually bumped ones

Browse Source 
To ensure downloaded binaries are the expected ones. Also to document
SHA-256 hashes of all binary packages and source tarballs.

Closes #20517
This commit is contained in:
Viktor Szakats 2026-02-04 14:54:26 +01:00
parent 462244447e
commit 4ad0a022e1
No known key found for this signature in database
9 changed files with 87 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/distcheck.yml vendored
View File

@ -259,6 +259,9 @@ jobs:
MATRIX_IMAGE: '${{ matrix.image }}'
TESTOPTS: ${{ contains(matrix.image, 'macos') && '-D_CURL_PREFILL=ON' || '' }} ${{ contains(matrix.image, 'windows') && '-DCMAKE_UNITY_BUILD_BATCH_SIZE=30' || '' }}
OLD_CMAKE_VERSION: 3.19.8
OLD_CMAKE_SHA256_LINUX_ARM: 807f5afb2a560e00af9640e496d5673afefc2888bf0ed076412884a5ebb547a1
OLD_CMAKE_SHA256_MACOS_UNI: 0976d23d982af05dcbfb3aa34fcb62ead43bea27f0e3bb95222f2a78161423f2
OLD_CMAKE_SHA256_WIN_INTEL: 2a30877a3d6b50da305b289f4d1c03befdfaeb2edba02a563c681e883d810380
strategy:
fail-fast: false
matrix:
@ -281,21 +284,22 @@ jobs:
if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-win64-x64.zip" --output bin.zip
unzip -q bin.zip
rm -f bin.zip
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-win64-x64.zip" --output pkg.bin
sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${OLD_CMAKE_SHA256_WIN_INTEL}" && unzip -q pkg.bin && rm -f pkg.bin
printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-win64-x64/bin/cmake.exe > ~/old-cmake-path.txt
elif [[ "${MATRIX_IMAGE}" = *'ubuntu'* ]]; then
sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libssl-dev
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Linux-aarch64.tar.gz" | tar -xz
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Linux-aarch64.tar.gz" --output pkg.bin
sha256sum pkg.bin | tee /dev/stderr | grep -qwF -- "${OLD_CMAKE_SHA256_LINUX_ARM}" && tar -xzf pkg.bin && rm -f pkg.bin
printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Linux-aarch64/bin/cmake > ~/old-cmake-path.txt
else
brew install libpsl openssl
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-macos-universal.tar.gz" | tar -xz
--location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-macos-universal.tar.gz" --output pkg.bin
sha256sum pkg.bin | tee /dev/stderr | grep -qwF -- "${OLD_CMAKE_SHA256_MACOS_UNI}" && tar -xzf pkg.bin && rm -f pkg.bin
printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-macos-universal/CMake.app/Contents/bin/cmake > ~/old-cmake-path.txt
fi

15
.github/workflows/http3-linux.yml vendored
View File

@ -208,7 +208,8 @@ jobs:
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "libressl-${LIBRESSL_VERSION}"
cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl/build
cmake --build .
@ -219,7 +220,8 @@ jobs:
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz
--location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "aws-lc-${AWSLC_VERSION}"
cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/awslc/build
cmake --build .
@ -231,7 +233,8 @@ jobs:
mkdir boringssl-src
cd boringssl-src
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
"https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" | tar -xz
"https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/boringssl/build
cmake --build .
cmake --install .
@ -241,7 +244,8 @@ jobs:
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://ftpmirror.gnu.org/nettle/nettle-${NETTLE_VERSION}.tar.gz" | tar -xz
--location "https://ftpmirror.gnu.org/nettle/nettle-${NETTLE_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "nettle-${NETTLE_VERSION}"
./configure --disable-dependency-tracking --prefix=/home/runner/nettle/build \
--disable-silent-rules --disable-static --disable-openssl --disable-documentation
@ -252,7 +256,8 @@ jobs:
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
"https://www.gnupg.org/ftp/gcrypt/gnutls/v${GNUTLS_VERSION%.*}/gnutls-${GNUTLS_VERSION}.tar.xz" | tar -xJ
"https://www.gnupg.org/ftp/gcrypt/gnutls/v${GNUTLS_VERSION%.*}/gnutls-${GNUTLS_VERSION}.tar.xz" --output pkg.bin
sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin
cd "gnutls-${GNUTLS_VERSION}"
# required: libp11-kit-dev libev-dev autopoint bison gperf gtk-doc-tools libtasn1-bin
./configure --disable-dependency-tracking --prefix=/home/runner/gnutls/build \

12
.github/workflows/linux-old.yml vendored
View File

@ -57,8 +57,6 @@ jobs:
runs-on: ubuntu-latest
container: 'debian:stretch'
env:
CMAKE_VERSION: '3.7.0' # Earliest version supported by curl
steps:
- name: 'install prereqs'
# Remember, this shell is dash, not bash
@ -68,7 +66,7 @@ jobs:
# See comment above if this fails after 2025-05-20
apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends httrack
httrack --get https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb
dpkg -i freexian-archive-keyring_2022.06.08_all.deb
sha256sum freexian-archive-keyring_2022.06.08_all.deb && dpkg -i freexian-archive-keyring_2022.06.08_all.deb
echo 'deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free' | tee /etc/apt/sources.list.d/extended-lts.list
apt-get -o Dpkg::Use-Pty=0 update
apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends make automake autoconf libtool gcc pkg-config libpsl-dev libzstd-dev zlib1g-dev libc-ares-dev libkrb5-dev libldap2-dev librtmp-dev stunnel4
@ -77,15 +75,17 @@ jobs:
# the main repo, so force the install.
httrack --get https://deb.freexian.com/extended-lts/pool/main/g/glibc/libc6_2.28-10+deb10u5_amd64.deb
httrack --get https://deb.freexian.com/extended-lts/pool/main/g/gcc-8/libstdc++6_8.3.0-6_amd64.deb
dpkg -i --force-depends libc6_*_amd64.deb libstdc++6_*_amd64.deb
sha256sum libc6_*_amd64.deb libstdc++6_*_amd64.deb && dpkg -i --force-depends libc6_*_amd64.deb libstdc++6_*_amd64.deb
- name: 'install prereqs (cmake)'
env:
CMAKE_VERSION: 3.7.0 # Earliest version supported by curl
CMAKE_SHA256: e075f63e6a9104b1c3d11666ae9546bc8812f7e791a49c4ce11effc063141b2a
run: |
cd ~
fn="cmake-${CMAKE_VERSION}-linux-x86_64"
httrack --get "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${fn}.tar.gz"
tar -xf "${fn}".tar*.gz
rm -f "${fn}".tar*.gz
sha256sum "${fn}".tar*.gz | tee /dev/stderr | grep -qwF -- "${CMAKE_SHA256}" && tar -xf "${fn}".tar*.gz && rm -f "${fn}".tar*.gz
mv "cmake-${CMAKE_VERSION}-Linux-x86_64" cmake
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

47
.github/workflows/linux.yml vendored
View File

@ -453,8 +453,8 @@ jobs:
run: |
cd /home/runner
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/pizlonator/fil-c/releases/download/v${FIL_C_VERSION}/filc-${FIL_C_VERSION}-linux-x86_64.tar.xz" | tar -xJ
mv "filc-${FIL_C_VERSION}-linux-x86_64" filc
--location "https://github.com/pizlonator/fil-c/releases/download/v${FIL_C_VERSION}/filc-${FIL_C_VERSION}-linux-x86_64.tar.xz" --output pkg.bin
sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin && mv "filc-${FIL_C_VERSION}-linux-x86_64" filc
cd filc
./setup.sh
@ -472,7 +472,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'libressl-c-arm') && steps.cache-libressl-c-arm.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "libressl-${LIBRESSL_VERSION}"
cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl
cmake --build .
@ -492,7 +493,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'libressl-filc') && steps.cache-libressl-filc.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "libressl-${LIBRESSL_VERSION}"
cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl \
-DCMAKE_C_COMPILER=/home/runner/filc/build/bin/filcc -DENABLE_ASM=OFF
@ -513,7 +515,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'nghttp2-filc') && steps.cache-nghttp2-filc.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.xz" | tar -xJ
--location "https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.xz" --output pkg.bin
sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin
cd "nghttp2-${NGHTTP2_VERSION}"
cmake -B . -G Ninja -DENABLE_LIB_ONLY=ON -DBUILD_TESTING=OFF -DENABLE_DOC=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/nghttp2 \
-DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF \
@ -535,7 +538,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'wolfssl-all-arm') && steps.cache-wolfssl-all-arm.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" | tar -xz
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "wolfssl-${WOLFSSL_VERSION}-stable"
./autogen.sh
./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-all --enable-tls13 --enable-harden --enable-all \
@ -556,7 +560,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-intel') && steps.cache-wolfssl-opensslextra-intel.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" | tar -xz
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "wolfssl-${WOLFSSL_VERSION}-stable"
./autogen.sh
./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-opensslextra --enable-tls13 --enable-harden --enable-ech --enable-opensslextra \
@ -577,7 +582,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-arm') && steps.cache-wolfssl-opensslextra-arm.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" | tar -xz
--location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "wolfssl-${WOLFSSL_VERSION}-stable"
./autogen.sh
./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-opensslextra --enable-tls13 --enable-harden --enable-ech --enable-opensslextra \
@ -598,7 +604,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-intel') && steps.cache-mbedtls-latest-intel.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" | tar -xj
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" --output pkg.bin
sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin
cd "mbedtls-${MBEDTLS_VERSION}"
./scripts/config.py set MBEDTLS_THREADING_C
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
@ -621,7 +628,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-arm') && steps.cache-mbedtls-latest-arm.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" | tar -xj
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" --output pkg.bin
sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin
cd "mbedtls-${MBEDTLS_VERSION}"
./scripts/config.py set MBEDTLS_THREADING_C
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
@ -644,7 +652,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'mbedtls-prev') && steps.cache-mbedtls-prev.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION_PREV}/mbedtls-${MBEDTLS_VERSION_PREV}.tar.bz2" | tar -xj
--location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION_PREV}/mbedtls-${MBEDTLS_VERSION_PREV}.tar.bz2" --output pkg.bin
sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin
cd "mbedtls-${MBEDTLS_VERSION_PREV}"
./scripts/config.py set MBEDTLS_THREADING_C
./scripts/config.py set MBEDTLS_THREADING_PTHREAD
@ -667,7 +676,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'openldap-static') && steps.cache-openldap-static.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-${OPENLDAP_VERSION}.tgz" | tar -xz
--location "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-${OPENLDAP_VERSION}.tgz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "openldap-${OPENLDAP_VERSION}"
./configure --prefix=/home/runner/openldap-static --enable-static --disable-shared --disable-slapd
make install
@ -705,7 +715,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'awslc') && steps.cache-awslc.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz
--location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "aws-lc-${AWSLC_VERSION}"
cmake -B . -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/awslc -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF
cmake --build .
@ -727,7 +738,8 @@ jobs:
mkdir boringssl-src
cd boringssl-src
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
"https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" | tar -xz
"https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cmake -B . -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/boringssl -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=ON
cmake --build .
cmake --install .
@ -745,11 +757,10 @@ jobs:
- name: 'fetch rustls deb'
if: ${{ contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true' }}
run: |
mkdir -p ~/rustls
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/rustls/rustls-ffi/releases/download/v${RUSTLS_VERSION}/librustls_${RUSTLS_VERSION}_amd64.deb.zip" --output ~/rustls/librustls.zip
unzip ~/rustls/librustls.zip -d ~/rustls
rm ~/rustls/librustls.zip
--location "https://github.com/rustls/rustls-ffi/releases/download/v${RUSTLS_VERSION}/librustls_${RUSTLS_VERSION}_amd64.deb.zip" --output pkg.bin
sha256sum pkg.bin && unzip pkg.bin -d rustls && rm -f pkg.bin
- name: 'build rustls'
# Note: we do not check cache-hit here. If the cache is hit, we need to dpkg install the deb.

3
.github/workflows/macos.yml vendored
View File

@ -112,7 +112,8 @@ jobs:
if: ${{ contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true' }}
run: |
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "libressl-${LIBRESSL_VERSION}"
cmake -B . -G Ninja \
-DCMAKE_INSTALL_PREFIX=/Users/runner/libressl \

15
.github/workflows/non-native.yml vendored
View File

@ -359,14 +359,15 @@ jobs:
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 3 --retry-connrefused \
--location "https://github.com/andrewwutw/build-djgpp/releases/download/v${TOOLCHAIN_VERSION}/djgpp-linux64-gcc1220.tar.bz2" | tar -xj
--location "https://github.com/andrewwutw/build-djgpp/releases/download/v${TOOLCHAIN_VERSION}/djgpp-linux64-gcc1220.tar.bz2" --output pkg.bin
sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin
cd djgpp
for f in wat3211b.zip zlb13b.zip; do
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
"https://www.delorie.com/pub/djgpp/current/v2tk/$f" --output bin.zip
unzip -q bin.zip
rm -f bin.zip
done
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
https://www.delorie.com/pub/djgpp/current/v2tk/wat3211b.zip --output pkg.bin
sha256sum pkg.bin | tee /dev/stderr | grep -qwF faa2222ab5deb2c2aac229c760bf4d45aca5379f5af97865c308a0467046b67a && unzip -q pkg.bin && rm -f pkg.bin
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
https://www.delorie.com/pub/djgpp/current/v2tk/zlb13b.zip --output pkg.bin
sha256sum pkg.bin | tee /dev/stderr | grep -qwF f3d2fa8129e7591c7e79074306d8ab91a70ec172cc01baedeae74992285dd3a3 && unzip -q pkg.bin && rm -f pkg.bin
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:

25
.github/workflows/windows.yml vendored
View File

@ -35,6 +35,7 @@ env:
CURL_CI: github
CURL_TEST_MIN: 1700
STUNNEL_VERSION: 5.76
STUNNEL_SHA256: d93c7c01366d38ebd27689d606e45197ba8e2e2a32d1a186a81d2b01186bfb56
jobs:
build-cache:
@ -59,8 +60,8 @@ jobs:
run: |
cd /c && mkdir my-stunnel && cd my-stunnel
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 240 --retry 3 --retry-connrefused \
"https://www.stunnel.org/archive/5.x/stunnel-${STUNNEL_VERSION}-win64-installer.exe" --output pack.bin
7z x -y pack.bin >/dev/null && rm -r -f pack.bin && ls -l && bin/tstunnel -version
"https://www.stunnel.org/archive/5.x/stunnel-${STUNNEL_VERSION}-win64-installer.exe" --output pkg.bin
sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${STUNNEL_SHA256}" && 7z x -y pkg.bin >/dev/null && rm -f pkg.bin && ls -l && bin/tstunnel -version
cygwin:
name: "cygwin, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.platform }} ${{ matrix.name }}"
@ -476,6 +477,7 @@ jobs:
env: 'x86_64'
ver: '15.1.0'
url: 'https://github.com/skeeto/w64devkit/releases/download/v2.2.0/w64devkit-x64-2.2.0.7z.exe'
SHA256: e02de30b97196329662007d64bc4509fbd7f5e14339d344075c7f1223dead4a2
config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DENABLE_UNIX_SOCKETS=OFF'
type: 'Release'
- name: 'schannel' # mingw-w64 10.0
@ -484,6 +486,7 @@ jobs:
env: 'x86_64'
ver: '9.5.0'
url: 'https://github.com/brechtsanders/winlibs_mingw/releases/download/9.5.0-10.0.0-msvcrt-r1/winlibs-x86_64-posix-seh-gcc-9.5.0-mingw-w64msvcrt-10.0.0-r1.7z'
SHA256: 41637132ea7dc36a7f86a1961eaa334c380b5a3423d36aecb481cabcd006e3fe
config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DCURL_DISABLE_VERBOSE_STRINGS=ON'
type: 'Release'
tflags: 'skiprun'
@ -493,6 +496,7 @@ jobs:
env: 'x86_64'
ver: '7.3.0'
url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win64/Personal%20Builds/mingw-builds/7.3.0/threads-win32/seh/x86_64-7.3.0-release-win32-seh-rt_v5-rev0.7z'
SHA256: 9dc08c9c2bdd5d8173f87791bed644f6e290624f739de474f117b590dfd8a721
config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCURL_USE_MBEDTLS=ON -DCURL_TARGET_WINDOWS_VERSION=0x0600'
install: mingw-w64-x86_64-mbedtls
type: 'Release'
@ -503,6 +507,7 @@ jobs:
env: 'i686'
ver: '6.4.0'
url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/6.4.0/threads-win32/dwarf/i686-6.4.0-release-win32-dwarf-rt_v5-rev0.7z'
SHA256: 12d2c62ad4527ec8a52275ea8485678dcbe20bec4716a3c7ba274f225d696085
config: '-DENABLE_DEBUG=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DCMAKE_UNITY_BUILD=OFF -DCURL_TARGET_WINDOWS_VERSION=0x0600'
type: 'Debug'
tflags: 'skiprun'
@ -512,6 +517,7 @@ jobs:
env: 'x86_64'
ver: '4.8.1'
url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win64/Personal%20Builds/mingw-builds/4.8.1/threads-win32/seh/x86_64-4.8.1-release-win32-seh-rt_v3-rev2.7z'
SHA256: 1353d997e85bb4494ebbebb432d824848d66b32c6045900da9a38a767b3c4ab4
config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DCURL_TARGET_WINDOWS_VERSION=0x0600'
type: 'Debug'
tflags: 'skipall'
@ -541,16 +547,15 @@ jobs:
timeout-minutes: 5
env:
MATRIX_URL: '${{ matrix.url }}'
MATRIX_SHA256: '${{ matrix.SHA256 }}'
run: |
cd /d
mkdir my-cache
cd my-cache
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 240 --retry 3 --retry-connrefused \
--location --proto-redir =https "${MATRIX_URL}" --output pack.bin
--location --proto-redir =https "${MATRIX_URL}" --output pkg.bin
pwd
7z x -y pack.bin >/dev/null
rm -r -f pack.bin
ls -l
sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${MATRIX_SHA256}" && 7z x -y pkg.bin >/dev/null && rm -f pkg.bin && ls -l
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@ -769,7 +774,8 @@ jobs:
MATRIX_OPENSSH: '${{ matrix.openssh }}'
MATRIX_PLAT: '${{ matrix.plat }}'
MATRIX_TYPE: '${{ matrix.type }}'
OPENSSH_WINDOWS_VERSION: 'v9.8.1.0p1-Preview'
OPENSSH_WINDOWS_VERSION: v9.8.1.0p1-Preview
OPENSSH_WINDOWS_SHA256: c7a1369cd73c8165be00c66e90291c4dd67784de7c3aa3af18c68ebedffa6ea9
VCPKG_DISABLE_METRICS: '1'
strategy:
matrix:
@ -1010,9 +1016,8 @@ jobs:
else # OpenSSH-Windows
cd /c # no D: drive on windows-11-arm runners
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location "https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_WINDOWS_VERSION}/OpenSSH-Win64.zip" --output bin.zip
unzip bin.zip
rm -f bin.zip
--location "https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_WINDOWS_VERSION}/OpenSSH-Win64.zip" --output pkg.bin
sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${OPENSSH_WINDOWS_SHA256}" && unzip pkg.bin && rm -f pkg.bin
fi
if [ "${MATRIX_IMAGE}" != 'windows-11-arm' ]; then # save 30-60 seconds, to counteract the slower test run step
python3 -m pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt

5
appveyor.sh
View File

@ -58,9 +58,8 @@ if [ -n "${CMAKE_GENERATOR:-}" ]; then
fn="cmake-${CMAKE_VERSION}-win64-x64"
fi
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${fn}.zip" --output bin.zip
7z x -y bin.zip >/dev/null
rm -f bin.zip
--location "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${fn}.zip" --output pkg.bin
sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${CMAKE_SHA256}" && 7z x -y pkg.bin >/dev/null && rm -f pkg.bin
PATH="$PWD/${fn}/bin:$PATH"
fi

9
appveyor.yml
View File

@ -56,19 +56,22 @@ environment:
- job_name: 'CM VS2013, Debug, x64, Schannel, Shared'
APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015'
CMAKE_VERSION: '3.18.4'
CMAKE_VERSION: 3.18.4
CMAKE_SHA256: a932bc0c8ee79f1003204466c525b38a840424d4ae29f9e5fb88959116f2407d
CMAKE_GENERATOR: 'Visual Studio 12 2013'
CMAKE_GENERATE: '-A x64'
- job_name: 'CM VS2015, Debug, x64, Schannel, Static'
APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015'
CMAKE_VERSION: '3.19.8'
CMAKE_VERSION: 3.19.8
CMAKE_SHA256: 2a30877a3d6b50da305b289f4d1c03befdfaeb2edba02a563c681e883d810380
CMAKE_GENERATOR: 'Visual Studio 14 2015'
CMAKE_GENERATE: '-A x64 -DBUILD_SHARED_LIBS=OFF'
- job_name: 'CM VS2017, Debug, x64, Schannel, Shared'
APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017'
CMAKE_VERSION: '3.20.6'
CMAKE_VERSION: 3.20.6
CMAKE_SHA256: f240a38c964712aac474644b3ba21bdc2b4e8d5e31179f67bd2e6f45fa349419
CMAKE_GENERATOR: 'Visual Studio 15 2017'
CMAKE_GENERATE: '-A x64'