stop promoting the TLS lib alternatives; generalize the switchtls scr…

…ipt to document how to switch between libs
openziti · Feb 8, 2024 · 57449d9 · 57449d9
1 parent fdd8785
commit 57449d9
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 38 deletions.
diff --git a/BUILD.md b/BUILD.md
@@ -143,14 +143,6 @@ the number of jobs to use, which should ideally be specified to the number of
 threads your CPU has. You may also want to add that to your preset using the
 `jobs` property, see the [presets documentation][1] for more details.
 
-## How to Build with OpenSSL
-
-Some features, like PKCS11, require OpenSSL. Mbed-TLS is more tolerate of legacy deployment scenarios. If you want to
-build with OpenSSL, you can use the `ci-linux-x64-static-libssl` preset with the following modifications to substitute
-`openssl` for `mbedtls`.
-
-Build with OpenSSL by running `./scripts/openssl-build.bash [x64|arm64|arm]`.
-
 ## Cross-compile with Docker
 
 You can cross-compile the distribution-specific Linux package or the generic binary with Docker. Both approaches use an

diff --git a/scripts/openssl-build.bash b/scripts/openssl-build.bash
diff --git a/scripts/switchtls-build.bash b/scripts/switchtls-build.bash
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+BASENAME="$(basename "${0}")"
+BASEDIR="$(cd "$(dirname "${0}")" && pwd)"  # full path to scripts dir
+
+if ! (( $# )) || [[ $* =~ -h|(--)?help ]]; then
+    echo -e "\nUsage: ${BASENAME} [openssl|mbedtls] [x64|arm64|arm]"\
+            "\n\nConfigures build preset for OpenSSL or Mbed-TLS and"\
+            "\nbuilds the binary if ARCH is specified\n"
+    exit 0
+fi
+
+set -euo pipefail;
+
+function switch_tls(){
+    local old=$1;
+    local new=$2;
+    # munge the preset to use openssl
+    TMPFILE=$(mktemp);
+    jq --arg old $old --arg new $new '.dependencies |= map(if . == $old then $new else . end)' ./vcpkg.json > "$TMPFILE";
+    mv "$TMPFILE" ./vcpkg.json;
+
+    jq --arg old $old --arg new $new \
+    '.configurePresets |= map(
+        if .cacheVariables.TLSUV_TLSLIB == $old then
+            .cacheVariables.TLSUV_TLSLIB |= $new
+        else
+            .
+        end
+    )
+    ' ./CMakePresets.json > "$TMPFILE";
+    mv "$TMPFILE" ./CMakePresets.json;
+}
+
+TLSLIB=${1:-}
+TARGETARCH=${2:-}
+
+if [[ $TLSLIB == "mbedtls" ]]; then
+    switch_tls "openssl" "mbedtls"
+    PRESET="ci-linux-${TARGETARCH}"
+elif [[ $TLSLIB == "openssl" ]]; then
+    switch_tls "mbedtls" "openssl"
+    PRESET="ci-linux-${TARGETARCH}-static-libssl"
+else
+    echo "Unknown TLS library: $TLSLIB"
+    exit 1
+fi
+
+if [[ -z $TARGETARCH ]]; then
+    echo "No architecture specified, only switching TLS library in vcpkg.json and CMakePresets.json"
+    exit 0
+elif [[ $TARGETARCH =~ ^(x64|arm(64))$ ]]; then
+    "$BASEDIR/ziti-builder.sh" -p "$PRESET"
+else
+    echo "ERROR: Unknown architecture preset: $PRESET"
+fi