Add openssl download and build step to krita
ClosedPublic

Authored by vanyossi on Sep 18 2018, 5:29 AM.

Details

Reviewers
rempt
Group Reviewers
Krita
Summary

The patch creates the ext_openssl cmake project, and installs it to disk.
It has to be run before qt compile step but it will detect it on OSX no problem.

Config summary shows

OpenSSL ................................ yes
  Qt directly linked to OpenSSL ........ yes
OpenSSL 1.1 ............................ yes

The flag for adding qt to minwg was not added as I cannot test it from my current setup.

Test Plan

Create a test to use qt open ssl capabilities.

Diff Detail

Repository
R37 Krita
Lint
Lint Skipped
Unit
Unit Tests Skipped
vanyossi created this revision.Sep 18 2018, 5:29 AM
Restricted Application added a reviewer: Krita. · View Herald TranscriptSep 18 2018, 5:29 AM
Restricted Application added a project: Krita. · View Herald Transcript
vanyossi requested review of this revision.Sep 18 2018, 5:29 AM
rempt retitled this revision from Add openssl donwload an dbuild step to krita to Add openssl download and build step to krita.Sep 19 2018, 10:39 AM

This post [1] describes a way of building OpenSSL with mingw(-w64).

Is there an actual need for OpenSSL in Krita now? It is very important
to keep OpenSSL up-to-date due to security issues. Including it in
Krita means someone will need to keep up with the security advisory
and even make timely security update releases.

Speaking of security updates, are there any ongoing tasks among Krita
devs to keep track of security updates of the 3rd-party dependencies?

[1]]: https://stackoverflow.com/questions/9379363/how-to-build-openssl-with-mingw-in-windows

This post [1] describes a way of building OpenSSL with mingw(-w64).

That's rather different from what's in the openssl readme itself :-(

Is there an actual need for OpenSSL in Krita now?

Yes, without openssl we cannot access https, and without that we cannot use the news widget.

It is very important
to keep OpenSSL up-to-date due to security issues. Including it in
Krita means someone will need to keep up with the security advisory
and even make timely security update releases.

Speaking of security updates, are there any ongoing tasks among Krita
devs to keep track of security updates of the 3rd-party dependencies?

Not that I know.

[1]]: https://stackoverflow.com/questions/9379363/how-to-build-openssl-with-mingw-in-windows

This post [1] describes a way of building OpenSSL with mingw(-w64).

That's rather different from what's in the openssl readme itself :-(

Not surprised, since most people would either use MSVC or cross compile from Linux/MSYS2. Only freaks like me would build with mingw-w64 native :P

I actually want to suggest using a pre-built OpenSSL binary for Windows, but it feels a bit wrong to use a binary from a 3rd-party (might even be unsigned) for a security-critical library. I've attempted to build OpenSSL with MSVC at work a couple of years ago and I was stumped for some reasons that I can't remember, and I ended up using a pre-built anyway. But it might have improved now.

rempt added a comment.Sep 24 2018, 6:54 AM
vanyossi updated this revision to Diff 53411.Mar 8 2019, 7:48 AM

This compiles and links correctly on OSX, showing the news widget when no documents are loaded. The patch has not been tested in Windows.

Previous patch was missing the build variable:

CMAKE_ARGS -DOPENSSL_LIBS='-L${EXTPREFIX_qt}/lib -lssl -lcrypto'

rempt accepted this revision.Mar 11 2019, 3:38 PM
This revision is now accepted and ready to land.Mar 11 2019, 3:38 PM
rempt added a comment.Mar 11 2019, 4:07 PM

Do you remember how you added Krita's plugins to the bundle you made?

Yes, I made a script to add plugins and missing libraries. I'll add the scripts in "packaging/macos" on a commit on its own.

I see that you've already committed this but unfortunately it is just broken on Windows. Running config definitely isn't how one would be able to build openssl on Windows.

vanyossi closed this revision.Apr 2 2019, 9:31 PM

Submitted to master