diff --git a/Makefile b/Makefile index 18b097d8b0557..d74c3cd40868b 100644 --- a/Makefile +++ b/Makefile @@ -453,10 +453,9 @@ ifneq ($(OS), WINNT) endif ifeq ($(OS), Linux) -$(JULIAHOME)/contrib/fixup-libstdc++.sh $(DESTDIR)$(libdir) $(DESTDIR)$(private_libdir) - # We need to bundle ca certs on linux now that we're using libgit2 with ssl -ifeq ($(shell [ -e $(shell openssl version -d | cut -d '"' -f 2)/cert.pem ] && echo exists),exists) - -cp $(shell openssl version -d | cut -d '"' -f 2)/cert.pem $(DESTDIR)$(datarootdir)/julia/ -endif + + # Copy over any bundled ca certs we picked up from the system during buildi + -cp $(build_datarootdir)/julia/cert.pem $(DESTDIR)$(datarootdir)/julia/ endif # Copy in juliarc.jl files per-platform for binary distributions as well # Note that we don't install to sysconfdir: we always install to $(DESTDIR)$(prefix)/etc. diff --git a/base/libgit2/libgit2.jl b/base/libgit2/libgit2.jl index 321e974694966..058c8052f19f0 100644 --- a/base/libgit2/libgit2.jl +++ b/base/libgit2/libgit2.jl @@ -529,18 +529,15 @@ function set_ssl_cert_locations(cert_loc) cert_file = isfile(cert_loc) ? cert_loc : Cstring(C_NULL) cert_dir = isdir(cert_loc) ? cert_loc : Cstring(C_NULL) cert_file == C_NULL && cert_dir == C_NULL && return - ccall((:git_libgit2_opts, :libgit2), Cint, - (Cint, Cstring, Cstring), - Cint(Consts.SET_SSL_CERT_LOCATIONS), cert_file, cert_dir) + # TODO FIX https://github.com/libgit2/libgit2/pull/3935#issuecomment-253910017 + #ccall((:git_libgit2_opts, :libgit2), Cint, + # (Cint, Cstring, Cstring), + # Cint(Consts.SET_SSL_CERT_LOCATIONS), cert_file, cert_dir) + ENV["SSL_CERT_FILE"] = cert_file + ENV["SSL_CERT_DIR"] = cert_dir end function __init__() - err = ccall((:git_libgit2_init, :libgit2), Cint, ()) - err > 0 || throw(ErrorException("error initializing LibGit2 module")) - atexit() do - ccall((:git_libgit2_shutdown, :libgit2), Cint, ()) - end - # Look for OpenSSL env variable for CA bundle (linux only) # windows and macOS use the OS native security backends @static if is_linux() @@ -554,6 +551,12 @@ function __init__() end set_ssl_cert_locations(cert_loc) end + + err = ccall((:git_libgit2_init, :libgit2), Cint, ()) + err > 0 || throw(ErrorException("error initializing LibGit2 module")) + atexit() do + ccall((:git_libgit2_shutdown, :libgit2), Cint, ()) + end end diff --git a/deps/libgit2.mk b/deps/libgit2.mk index d7abc6d88f8b0..cc83ae6cdd1d2 100644 --- a/deps/libgit2.mk +++ b/deps/libgit2.mk @@ -40,6 +40,13 @@ ifeq ($(OS),Linux) LIBGIT2_OPTS += -DUSE_OPENSSL=OFF -DUSE_MBEDTLS=ON -DCMAKE_INSTALL_RPATH="\$$ORIGIN" endif +# We need to bundle ca certs on linux now that we're using libgit2 with ssl +ifeq ($(OS),Linux) +ifeq ($(shell [ -e $(shell openssl version -d | cut -d '"' -f 2)/cert.pem ] && echo exists),exists) +CERTFILE=$(shell openssl version -d | cut -d '"' -f 2)/cert.pem +endif +endif + $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/libgit2-ssh.patch-applied: $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/source-extracted cd $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR) && patch -p0 -f < $(SRCDIR)/patches/libgit2-ssh.patch echo 1 > $@ @@ -56,12 +63,20 @@ $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/libgit2-openssl-hang.patch-applied: $(SRCD cd $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR) && patch -p1 -f < $(SRCDIR)/patches/libgit2-openssl-hang.patch echo 1 > $@ +$(build_datarootdir)/julia/cert.pem: $(CERTFILE) + mkdir -p $(build_datarootdir)/julia + -cp $(CERTFILE) $@ + $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: \ $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/libgit2-mbedtls.patch-applied \ $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/libgit2-openssl-hang.patch-applied \ $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/libgit2-ssh.patch-applied \ $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/libgit2-agent-nonfatal.patch-applied +ifneq ($(CERTFILE),) +$(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: $(build_datarootdir)/julia/cert.pem +endif + $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: $(SRCDIR)/srccache/$(LIBGIT2_SRC_DIR)/source-extracted mkdir -p $(dir $@) cd $(dir $@) && \