Bug #33732838 Bundle the openssl command line binary into the test ar…

…chive & expose it in mtr For builds with "custom" OpenSSL: -DWITH_SSL=<path/to/custom/openssl> we now look for the 'openssl' binary, and copy it into the build tree. We don't want to install a binary called 'openssl' in a public bin/ directory, so we rename it to 'my_openssl'. 'my_openssl' is also INSTALLed as part of the Test component. Extend mysql-test-run.pl to look for my_openssl in the build/install directories, and set environment variable OPENSSL_EXECUTABLE. Use this variable in all mtr tests that need to invoke openssl. Fix regexps in check_openssl_version.inc. my $search_pattern_1= "0.9.*" matched '019' for ./bin/openssl version OpenSSL 1.1.1d 10 Sep 2019 and several tests were incorrectly skipped. Remove all usage of 'have_openssl_binary.inc'. Change-Id: Ib7f48acbc8f604e493cc84dcf9315f6c9abf1ea5
mysql · Mar 23, 2022 · ab6239e · ab6239e
1 parent 81b729d
commit ab6239e
Show file tree

Hide file tree

Showing 21 changed files with 265 additions and 89 deletions.
diff --git a/cmake/copy_openssl_binary.cmake b/cmake/copy_openssl_binary.cmake
@@ -0,0 +1,120 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License, version 2.0,
+# as published by the Free Software Foundation.
+#
+# This program is also distributed with certain software (including
+# but not limited to OpenSSL) that is licensed under separate terms,
+# as designated in a particular file or component or in included license
+# documentation.  The authors of MySQL hereby grant you an additional
+# permission to link the program and your derivative works with the
+# separately licensed software that they have included with MySQL.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License, version 2.0, for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
+
+SET(MSG_TXT
+  "Copied OPENSSL_EXECUTABLE = ${executable_full_filename} to")
+IF(BUILD_IS_SINGLE_CONFIG)
+  IF(EXISTS "${executable_name}")
+#   MESSAGE(STATUS "${executable_name} already copied")
+    RETURN()
+  ENDIF()
+  EXECUTE_PROCESS(
+    COMMAND ${CMAKE_COMMAND} -E copy
+    "${executable_full_filename}" "${executable_name}"
+    )
+  SET(MSG_TXT "${MSG_TXT} ${CWD}/${executable_name}")
+  MESSAGE(STATUS "${MSG_TXT}")
+ELSE()
+  IF(EXISTS "./${CMAKE_CFG_INTDIR}/${executable_name}")
+#   MESSAGE(STATUS "${CMAKE_CFG_INTDIR}/${executable_name} already copied")
+    RETURN()
+  ENDIF()
+  EXECUTE_PROCESS(
+    COMMAND ${CMAKE_COMMAND} -E copy
+    "${executable_full_filename}" "${CMAKE_CFG_INTDIR}/${executable_name}"
+    )
+  SET(MSG_TXT "${MSG_TXT} ${CWD}/${CMAKE_CFG_INTDIR}/${executable_name}")
+  MESSAGE(STATUS "${MSG_TXT}")
+ENDIF()
+
+IF(LINUX)
+  EXECUTE_PROCESS(
+    COMMAND ${PATCHELF_EXECUTABLE} --version
+    OUTPUT_VARIABLE PATCHELF_VERSION
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    )
+  STRING(REPLACE "patchelf" "" PATCHELF_VERSION "${PATCHELF_VERSION}")
+
+  IF(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND
+      PATCHELF_VERSION VERSION_LESS "0.14.5")
+    SET(PATCHELF_PAGE_SIZE_ARGS --page-size ${CPU_PAGE_SIZE})
+  ENDIF()
+
+  EXECUTE_PROCESS(
+    COMMAND ${PATCHELF_EXECUTABLE} ${PATCHELF_PAGE_SIZE_ARGS}
+    --set-rpath "$ORIGIN/../lib:$ORIGIN/../${INSTALL_PRIV_LIBDIR}"
+    "./${executable_name}"
+    )
+ENDIF(LINUX)
+
+IF(APPLE)
+  MESSAGE(STATUS "CRYPTO_VERSION is ${CRYPTO_VERSION}")
+  MESSAGE(STATUS "OPENSSL_VERSION is ${OPENSSL_VERSION}")
+  EXECUTE_PROCESS(
+    COMMAND otool -L ${CMAKE_CFG_INTDIR}/${executable_name}
+    OUTPUT_VARIABLE OTOOL_OPENSSL_DEPS
+    )
+
+  STRING(REPLACE "\n" ";" DEPS_LIST ${OTOOL_OPENSSL_DEPS})
+  FOREACH(LINE ${DEPS_LIST})
+    IF(LINE MATCHES "libssl")
+      STRING(REGEX MATCH "[ ]*([.a-zA-Z0-9/@_]+.dylib).*" UNUSED "${LINE}")
+      MESSAGE(STATUS "dependency ${CMAKE_MATCH_1}")
+      SET(LIBSSL_MATCH "${CMAKE_MATCH_1}")
+    ENDIF()
+    IF(LINE MATCHES "libcrypto")
+      STRING(REGEX MATCH "[ ]*([.a-zA-Z0-9/@_]+.dylib).*" UNUSED "${LINE}")
+      MESSAGE(STATUS "dependency ${CMAKE_MATCH_1}")
+      SET(LIBCRYPTO_MATCH "${CMAKE_MATCH_1}")
+    ENDIF()
+  ENDFOREACH()
+
+  IF(BUILD_IS_SINGLE_CONFIG)
+    # install_name_tool -change old new file
+    EXECUTE_PROCESS(COMMAND install_name_tool -change
+      "${LIBSSL_MATCH}" "@loader_path/../lib/${OPENSSL_VERSION}"
+      "./${executable_name}"
+      )
+    EXECUTE_PROCESS(COMMAND install_name_tool -change
+      "${LIBCRYPTO_MATCH}" "@loader_path/../lib/${CRYPTO_VERSION}"
+      "./${executable_name}"
+      )
+    EXECUTE_PROCESS(
+      COMMAND chmod +w "./${executable_name}"
+      )
+  ELSE()
+    # install_name_tool -change old new file
+    EXECUTE_PROCESS(COMMAND install_name_tool -change
+      "${LIBSSL_MATCH}"
+      "@loader_path/../../lib/${CMAKE_CFG_INTDIR}/${OPENSSL_VERSION}"
+      "./${CMAKE_CFG_INTDIR}/${executable_name}"
+      )
+    EXECUTE_PROCESS(COMMAND install_name_tool -change
+      "${LIBCRYPTO_MATCH}"
+      "@loader_path/../../lib/${CMAKE_CFG_INTDIR}/${CRYPTO_VERSION}"
+      "./${CMAKE_CFG_INTDIR}/${executable_name}"
+      )
+    EXECUTE_PROCESS(
+      COMMAND chmod +w "./${CMAKE_CFG_INTDIR}/${executable_name}"
+      )
+  ENDIF()
+ENDIF(APPLE)
diff --git a/cmake/install_macros.cmake b/cmake/install_macros.cmake
@@ -602,6 +602,89 @@ FUNCTION(SET_PATH_TO_CUSTOM_SSL_FOR_APPLE target)
   ENDIF()
 ENDFUNCTION()
 
+# For custom SSL, copy the openssl executable to the build directory,
+# and INSTALL it at part of the Test COMPONENT.
+#
+# We update the RUNPATH of the executable to
+# $ORIGIN/../lib:$ORIGIN/lib/private for Linux
+# @loader_path/../lib for macOS.
+#
+# executable_full_filename is ${WITH_SSL_PATH}/bin/openssl.
+# Arguments CRYPTO_VERSION OPENSSL_VERSION are used for macOS only.
+# Set ${OUTPUT_TARGET_NAME} to the name of a target which will do the copying.
+#
+# We cannot install 'openssl' in a public bin/ directory,
+# so we rename it to 'my_openssl'.
+FUNCTION(COPY_OPENSSL_BINARY executable_full_filename
+    CRYPTO_VERSION OPENSSL_VERSION
+    OUTPUT_TARGET_NAME)
+  GET_FILENAME_COMPONENT(executable_name "${executable_full_filename}" NAME)
+  GET_FILENAME_COMPONENT(exe_name_we "${executable_full_filename}" NAME_WE)
+
+  SET(COPY_TARGET_NAME "copy_${exe_name_we}")
+  SET(${OUTPUT_TARGET_NAME} "${COPY_TARGET_NAME}" PARENT_SCOPE)
+
+  # Get rid of Warning MSB8065: File not created
+  # MY_ADD_CUSTOM_TARGET fails in mysterious ways, so we touch here instead.
+  IF(CMAKE_GENERATOR MATCHES "Visual Studio")
+    EXECUTE_PROCESS(
+      COMMAND ${CMAKE_COMMAND} -E touch
+      "${CMAKE_BINARY_DIR}/cmakefiles/${COPY_TARGET_NAME}"
+      )
+  ENDIF()
+
+  # Do copying and patching in a sub-process, so that we can skip it if
+  # already done.
+  ADD_CUSTOM_TARGET(${COPY_TARGET_NAME} ALL
+    COMMAND ${CMAKE_COMMAND}
+    -Dexecutable_full_filename="${executable_full_filename}"
+    -Dexecutable_name="my_${executable_name}"
+    -DCWD="${CMAKE_BINARY_DIR}/runtime_output_directory"
+    -DAPPLE=${APPLE}
+    -DLINUX=${LINUX}
+    -DWIN32=${WIN32}
+    -DCRYPTO_VERSION="${CRYPTO_VERSION}"
+    -DOPENSSL_VERSION="${OPENSSL_VERSION}"
+    -DINSTALL_PRIV_LIBDIR="${INSTALL_PRIV_LIBDIR}"
+    -DPATCHELF_EXECUTABLE="${PATCHELF_EXECUTABLE}"
+    -DCPU_PAGE_SIZE="${CPU_PAGE_SIZE}"
+    -DBUILD_IS_SINGLE_CONFIG="${BUILD_IS_SINGLE_CONFIG}"
+    -DCMAKE_GENERATOR="${CMAKE_GENERATOR}"
+    -DCMAKE_SYSTEM_PROCESSOR="${CMAKE_SYSTEM_PROCESSOR}"
+    -DCMAKE_CFG_INTDIR="${CMAKE_CFG_INTDIR}"
+    -P ${CMAKE_SOURCE_DIR}/cmake/copy_openssl_binary.cmake
+    WORKING_DIRECTORY
+    "${CMAKE_BINARY_DIR}/runtime_output_directory"
+    )
+
+  SET(PERMISSIONS_EXECUTABLE
+    PERMISSIONS
+    OWNER_READ OWNER_WRITE OWNER_EXECUTE
+    GROUP_READ GROUP_EXECUTE
+    WORLD_READ WORLD_EXECUTE
+    )
+
+  MESSAGE(STATUS "INSTALL ${executable_name} TO ${INSTALL_BINDIR}")
+  IF(BUILD_IS_SINGLE_CONFIG)
+    INSTALL(FILES
+      "${CMAKE_BINARY_DIR}/runtime_output_directory/my_${executable_name}"
+      DESTINATION "${INSTALL_BINDIR}"
+      COMPONENT Test
+      ${PERMISSIONS_EXECUTABLE}
+      )
+  ELSE()
+    FOREACH(cfg Debug Release RelWithDebInfo MinSizeRel)
+      INSTALL(FILES
+     "${CMAKE_BINARY_DIR}/runtime_output_directory/${cfg}/my_${executable_name}"
+        DESTINATION "${INSTALL_BINDIR}"
+        CONFIGURATIONS ${cfg}
+        COMPONENT Test
+        ${PERMISSIONS_EXECUTABLE}
+        )
+    ENDFOREACH()
+  ENDIF()
+ENDFUNCTION(COPY_OPENSSL_BINARY)
+
 
 # For standalone Linux build and -DWITH_LDAP -DWITH_SASL -DWITH_SSL and
 # -DWITH_KERBEROS set to custom path.

diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
@@ -348,8 +348,14 @@ MACRO (MYSQL_CHECK_SSL)
        OPENSSL_MAJOR_VERSION STREQUAL "1"
       )
       SET(OPENSSL_FOUND TRUE)
-      FIND_PROGRAM(OPENSSL_EXECUTABLE openssl
-        DOC "path to the openssl executable")
+      IF(WITH_SSL_PATH)
+        FIND_PROGRAM(OPENSSL_EXECUTABLE openssl
+          NO_DEFAULT_PATH
+          PATHS "${WITH_SSL_PATH}/bin"
+          DOC "path to the openssl executable")
+      ELSE()
+        FIND_PROGRAM(OPENSSL_EXECUTABLE openssl)
+      ENDIF()
       IF(OPENSSL_EXECUTABLE)
         SET(OPENSSL_EXECUTABLE_HAS_ZLIB 0)
         EXECUTE_PROCESS(
@@ -481,7 +487,10 @@ MACRO(MYSQL_CHECK_SSL_DLLS)
       ADD_CUSTOM_TARGET(copy_openssl_dlls
         DEPENDS ${crypto_target} ${openssl_target})
 
-    ENDIF()
+      COPY_OPENSSL_BINARY(${OPENSSL_EXECUTABLE} "" "" openssl_exe_target)
+      ADD_DEPENDENCIES(${openssl_exe_target} copy_openssl_dlls)
+
+    ENDIF(LINUX AND HAVE_CRYPTO_SO AND HAVE_OPENSSL_SO)
 
     IF(APPLE)
       GET_FILENAME_COMPONENT(CRYPTO_EXT "${CRYPTO_LIBRARY}" EXT)
@@ -561,6 +570,11 @@ MACRO(MYSQL_CHECK_SSL_DLLS)
         "${CMAKE_BINARY_DIR}/library_output_directory/${CMAKE_CFG_INTDIR}"
         )
 
+      COPY_OPENSSL_BINARY(${OPENSSL_EXECUTABLE}
+        ${CRYPTO_VERSION} ${OPENSSL_VERSION}
+        openssl_exe_target)
+      ADD_DEPENDENCIES(${openssl_exe_target} copy_openssl_dlls)
+
       # Create symlinks for plugins, see MYSQL_ADD_PLUGIN/install_name_tool
       ADD_CUSTOM_TARGET(link_openssl_dlls ALL
         COMMAND ${CMAKE_COMMAND} -E create_symlink
@@ -692,6 +706,8 @@ MACRO(MYSQL_CHECK_SSL_DLLS)
           "${HAVE_CRYPTO_DLL}"
           "${HAVE_OPENSSL_DLL}"
           DESTINATION "${INSTALL_BINDIR}" COMPONENT SharedLibraries)
+        COPY_OPENSSL_BINARY(${OPENSSL_EXECUTABLE} "" "" openssl_exe_target)
+        ADD_DEPENDENCIES(${openssl_exe_target} copy_openssl_dlls)
       ELSE()
         MESSAGE(STATUS "Cannot find SSL dynamic libraries")
         IF(OPENSSL_MINOR_VERSION VERSION_EQUAL 1)

diff --git a/mysql-test/include/check_openssl_version.inc b/mysql-test/include/check_openssl_version.inc
@@ -10,14 +10,14 @@ let OPENSSL_CONFIG_INC= $MYSQLTEST_VARDIR/log/openssl_binary_config.inc;
 --remove_file $OPENSSL_CONFIG_INC
 
 --error 0,1, 127
---exec openssl version > $OPENSSL_VERSION_INFO
+--exec $OPENSSL_EXECUTABLE version > $OPENSSL_VERSION_INFO
 
 perl;
  use strict;
  my $search_file= $ENV{'OPENSSL_VERSION_INFO'};
- my $search_pattern_1= "0.9.*";
- my $search_pattern_2= "1.0.0.*";
- my $search_pattern_3= "1.0.1.*";
+ my $search_pattern_1= "0\\.9.*";
+ my $search_pattern_2= "1\\.0\\.0.*";
+ my $search_pattern_3= "1\\.0\\.1.*";
  my $content= "";
  my $dir= $ENV{'MYSQLTEST_VARDIR'};
  open(CONFIG_INC, ">$dir/log/openssl_binary_config.inc");

diff --git a/mysql-test/include/excludenoskip.list b/mysql-test/include/excludenoskip.list
@@ -106,7 +106,6 @@ fix_priv_tables.test
 federated_bug_25714.test
 
 # 4.4
-have_openssl_binary.inc
 check_openssl_version.inc
 have_tlsv13.inc
 not_have_tlsv13.inc

diff --git a/mysql-test/include/have_openssl_binary.inc b/mysql-test/include/have_openssl_binary.inc
diff --git a/mysql-test/include/have_openssl_binary_version.inc b/mysql-test/include/have_openssl_binary_version.inc
@@ -8,7 +8,6 @@
 # --let $openssl_binary_version = 1.1.*
 # --source include/have_openssl_binary_version.inc
 
-source include/have_openssl_binary.inc;
 --disable_query_log
 --disable_result_log
 
@@ -22,7 +21,7 @@ let OPENSSL_SEARCH_PATTERN=$openssl_binary_version;
 --remove_file $OPENSSL_CONFIG_INC
 
 --error 0,1, 127
---exec openssl version > $OPENSSL_VERSION_INFO
+--exec $OPENSSL_EXECUTABLE version > $OPENSSL_VERSION_INFO
 
 perl;
  use strict;

diff --git a/mysql-test/include/have_openssl_zlib.inc b/mysql-test/include/have_openssl_zlib.inc
@@ -4,9 +4,9 @@
 # Sets $have_openssl_zlib to 0|1
 #
 --error 0,1,2,127
---exec openssl list -cipher-commands > $MYSQL_TMP_DIR/openssl.out 2>&1
+--exec $OPENSSL_EXECUTABLE list -cipher-commands > $MYSQL_TMP_DIR/openssl.out 2>&1
 --error 0,1,2,127
---exec openssl list-cipher-commands >> $MYSQL_TMP_DIR/openssl.out 2>&1
+--exec $OPENSSL_EXECUTABLE list-cipher-commands >> $MYSQL_TMP_DIR/openssl.out 2>&1
 
 --perl
   use strict;

diff --git a/mysql-test/include/ssl_cache.inc b/mysql-test/include/ssl_cache.inc
@@ -1,7 +1,6 @@
 --echo #
 --echo # WL#13075: Support TLS session reuse in the C API version independent part
 --echo #
---source include/have_openssl_binary.inc
 
 # ==== Purpose ====
 #
@@ -102,7 +101,7 @@ exec $MYSQL --tls-version=$tls_version --ssl-mode=required -e "ssl_session_data_
 source include/assert_grep.inc;
 
 --echo # openssl sess_id should be able to parse the file
-exec openssl sess_id -in $session_file -inform PEM -noout -text > $out_file 2>&1;
+exec $OPENSSL_EXECUTABLE sess_id -in $session_file -inform PEM -noout -text > $out_file 2>&1;
 --let $assert_file=$out_file
 --let $assert_text=Checking if session file is PEM format
 --let $assert_select=Protocol[\ \t]*\:[\ \t]*TLSv1\.