Temporarily install openssl-libs-static to build FTL until we have a …

…new base image and bundle new libraries Signed-off-by: DL6ER <[email protected]>
pi-hole · Nov 9, 2024 · 0cf9ddb · 0cf9ddb
1 parent d9d9f68
commit 0cf9ddb
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 545 deletions.
diff --git a/.github/Dockerfile b/.github/Dockerfile
@@ -21,6 +21,9 @@ ENV TERM=xterm
 # This is not supported by Github Actions as it does not provide a TTY to the docker build container
 RUN sed -i '/buffer_with_truncation /d' /bats-core/libexec/bats-core/bats-format-pretty
 
+# Temporarily install openssl-libs-static to build FTL until we have a new base image
+RUN apk --no-cache add openssl-libs-static openssl-dev
+
 # Build FTL
 # Remove possible old build files
 RUN rm -rf cmake && \

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -360,6 +360,23 @@ if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
     set(CMAKE_INSTALL_PREFIX "/usr" CACHE PATH "..." FORCE)
 endif()
 
+find_library(LIBMBEDCRYPTO NAMES lmbedcrypto${LIBRARY_SUFFIX} mbedcrypto)
+find_library(LIBMBEDX509 NAMES lmbedx509${LIBRARY_SUFFIX} mbedx509)
+find_library(LIBMBEDTLS NAMES lmbedtls${LIBRARY_SUFFIX} mbedtls)
+find_library(LIBSSL NAMES libssl${LIBRARY_SUFFIX} ssl)
+find_library(LIBCRYPTO NAMES libcrypto${LIBRARY_SUFFIX} crypto)
+if(LIBMBEDCRYPTO AND LIBMBEDX509 AND LIBMBEDTLS)
+    # Enable TLS support in civetweb if mbedTLS is available
+    message(STATUS "Building FTL with TLS support: YES")
+    target_compile_definitions(core PRIVATE HAVE_MBEDTLS)
+    target_compile_definitions(webserver PRIVATE HAVE_MBEDTLS)
+    # Link against the mbedTLS libraries, the order is important (!)
+    target_link_libraries(pihole-FTL ${LIBMBEDTLS} ${LIBMBEDX509} ${LIBMBEDCRYPTO} ${LIBSSL} ${LIBCRYPTO})
+else()
+    # Disable TLS support in civetweb if mbedTLS is not available
+    message(STATUS "Building FTL with TLS support: NO")
+    target_compile_definitions(civetweb PRIVATE NO_SSL)
+endif()
 
 # After finishing building the FTL binary, we append the sha256sum of the binary
 # in raw form to itself and print the checksum to the console

diff --git a/src/webserver/civetweb/CMakeLists.txt b/src/webserver/civetweb/CMakeLists.txt
@@ -25,9 +25,11 @@ target_compile_options(civetweb PRIVATE -Wno-unused-but-set-variable -Wno-unused
 # USE_IPV6: add IPv6 support
 # USE_LUA: add Lua support
 # USE_HTTP2: enable HTTP2 support
+# OPENSSL_API_3_0: enable OpenSSL 3.0 API
 # TIMER_RESOLUTION: set timer resolution to 1000ms (default is 10ms) in an attempt to reduce CPU load
 target_compile_definitions(civetweb PRIVATE NO_CGI
                                             NO_DLOPEN
+                                            NO_SSL_DL
                                             USE_IPV6
                                             USE_LUA
                                             USE_HTTP2