user: add static mbedtls-backed https curl

Author: mistcoversmyeyes

user/apps/curl/Makefile

@@ -7,6 +7,10 @@ curl_dir := $(build_dir)/curl-$(curl_version)
 host := $(ARCH)-linux-musl
 prefix := $(host)-
 bin := $(build_dir)/curl
+mbedtls_root := $(abspath $(build_dir)/mbedtls-root)
+mbedtls_prefix := $(mbedtls_root)/usr
+ca_bundle_src := /etc/ssl/certs/ca-certificates.crt
+ca_bundle_dst := etc/ssl/certs/ca-certificates.crt
 
 cc := $(prefix)gcc
 strip := $(prefix)strip
@@ -35,35 +39,39 @@ configure_args := \
 	--disable-telnet \
 	--disable-tftp \
 	--disable-websockets \
-	--without-ssl \
 	--without-openssl \
 	--without-gnutls \
-	--without-mbedtls \
+	--with-mbedtls=$(mbedtls_prefix) \
 	--without-rustls \
 	--without-bearssl \
 	--without-wolfssl \
 	--without-libpsl \
 	--without-brotli \
 	--without-zstd \
 	--without-zlib \
-	--without-ca-bundle \
+	--with-ca-bundle=/$(ca_bundle_dst) \
 	--without-ca-path
 
 $(curl_tarball_path):
-	@if ! wget "$(curl_url_primary)"; then \
+	@if ! env -u http_proxy -u https_proxy -u HTTP_PROXY -u HTTPS_PROXY -u ALL_PROXY -u all_proxy wget "$(curl_url_primary)"; then \
 		rm -f "$(curl_tarball_path)"; \
-		wget "$(curl_url_fallback)"; \
+		env -u http_proxy -u https_proxy -u HTTP_PROXY -u HTTPS_PROXY -u ALL_PROXY -u all_proxy wget "$(curl_url_fallback)"; \
 	fi
 
 $(curl_dir): $(curl_tarball_path)
 	mkdir -p $(build_dir)
 	tar -xJf $< -C $(build_dir)
 
-$(bin): $(curl_dir)
+$(mbedtls_prefix)/lib/libmbedtls.a:
+	$(MAKE) -C ../mbedtls ARCH=$(ARCH) install DADK_CURRENT_BUILD_DIR=$(mbedtls_root)
+
+$(bin): $(mbedtls_prefix)/lib/libmbedtls.a $(curl_dir)
 	cd $(curl_dir) && \
 	PKG_CONFIG=/bin/false \
 	CC="$(cc)" AR="$(ar)" RANLIB="$(ranlib)" STRIP="$(strip)" \
-	CFLAGS="-Os -static" LDFLAGS="-static" \
+	CPPFLAGS="-I$(mbedtls_prefix)/include" \
+	CFLAGS="-Os -static" \
+	LDFLAGS="-static -L$(mbedtls_prefix)/lib" \
 	./configure $(configure_args)
 	cd $(curl_dir) && \
 	$(MAKE) CURL_LDFLAGS_BIN="-all-static" -j$(nproc)
@@ -76,7 +84,10 @@ $(bin): $(curl_dir)
 all: $(bin)
 
 install: all
-	cp $(bin) $(DADK_CURRENT_BUILD_DIR)/curl
+	mkdir -p $(DADK_CURRENT_BUILD_DIR)/bin
+	cp $(bin) $(DADK_CURRENT_BUILD_DIR)/bin/curl
+	mkdir -p $(DADK_CURRENT_BUILD_DIR)/$(dir $(ca_bundle_dst))
+	cp $(ca_bundle_src) $(DADK_CURRENT_BUILD_DIR)/$(ca_bundle_dst)
 
 clean:
 	rm -rf build/

user/apps/mbedtls/.gitignore

@@ -0,0 +1,3 @@
+build/
+*tar.gz
+patches/

user/apps/mbedtls/Makefile

@@ -0,0 +1,75 @@
+ARCH ?= x86_64
+self_dir := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+mbedtls_version := 2.28.0
+mbedtls_tarball := mbedtls_$(mbedtls_version).orig.tar.gz
+mbedtls_tarball_path := $(mbedtls_tarball)
+build_dir := build/$(ARCH)
+mbedtls_dir := $(build_dir)/mbedtls-$(mbedtls_version)
+mbedtls_build_dir := $(build_dir)/cmake-build
+stage_dir := $(build_dir)/stage
+host := $(ARCH)-linux-musl
+prefix := $(host)-
+
+cc := $(prefix)gcc
+ar := $(prefix)ar
+ranlib := $(prefix)ranlib
+gcc_ar := $(prefix)gcc-ar
+gcc_ranlib := $(prefix)gcc-ranlib
+download_env := env -u http_proxy -u https_proxy -u HTTP_PROXY -u HTTPS_PROXY -u ALL_PROXY -u all_proxy
+
+mbedtls_url_primary := http://archive.ubuntu.com/ubuntu/pool/universe/m/mbedtls/$(mbedtls_tarball)
+mbedtls_url_fallback := https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/mbedtls-$(mbedtls_version).tar.gz
+
+cmake_args := \
+	-G Ninja \
+	-D CMAKE_SYSTEM_NAME=Linux \
+	-D CMAKE_C_COMPILER=$(abspath $(shell command -v $(cc))) \
+	-D CMAKE_C_COMPILER_AR=$(abspath $(shell command -v $(gcc_ar))) \
+	-D CMAKE_C_COMPILER_RANLIB=$(abspath $(shell command -v $(gcc_ranlib))) \
+	-D CMAKE_AR=$(abspath $(shell command -v $(ar))) \
+	-D CMAKE_RANLIB=$(abspath $(shell command -v $(ranlib))) \
+	-D CMAKE_C_FLAGS=-Os\ -fPIC \
+	-D CMAKE_INSTALL_PREFIX=/usr \
+	-D ENABLE_PROGRAMS=Off \
+	-D ENABLE_TESTING=Off \
+	-D USE_SHARED_MBEDTLS_LIBRARY=Off
+
+$(mbedtls_tarball_path):
+	@tmp_file="$@.tmp"; \
+	rm -f "$$tmp_file"; \
+	if ! $(download_env) curl -fL --retry 5 --retry-delay 1 -o "$$tmp_file" "$(mbedtls_url_primary)"; then \
+		rm -f "$$tmp_file"; \
+		$(download_env) curl -fL --retry 5 --retry-delay 1 -o "$$tmp_file" "$(mbedtls_url_fallback)"; \
+	fi; \
+	mv "$$tmp_file" "$@"
+
+$(mbedtls_dir): $(mbedtls_tarball_path)
+	mkdir -p $(build_dir)
+	rm -rf $(mbedtls_dir)
+	mkdir -p $(mbedtls_dir)
+	tar -xzf $< -C $(mbedtls_dir) --strip-components=1
+	cd $(mbedtls_dir) && patch -p1 < $(self_dir)/patches/0001-linux-musl-use-getrandom.patch
+
+$(stage_dir)/usr/lib/libmbedtls.a: $(mbedtls_dir)
+	mkdir -p $(mbedtls_build_dir)
+	cd $(mbedtls_build_dir) && \
+	cmake $(cmake_args) $(abspath $(mbedtls_dir))
+	cd $(mbedtls_build_dir) && \
+	cmake --build . -j$(nproc)
+	rm -rf $(stage_dir)
+	cd $(mbedtls_build_dir) && \
+	DESTDIR=$(abspath $(stage_dir)) cmake --install .
+
+.PHONY: all install clean distclean
+
+all: $(stage_dir)/usr/lib/libmbedtls.a
+
+install: all
+	mkdir -p $(DADK_CURRENT_BUILD_DIR)/usr
+	cp -a $(stage_dir)/usr/. $(DADK_CURRENT_BUILD_DIR)/usr/
+
+clean:
+	rm -rf build/
+
+distclean: clean
+	rm -f $(mbedtls_tarball_path)

user/dadk/config/all/mbedtls.toml

@@ -0,0 +1,32 @@
+# 用户程序名称
+name = "mbedtls"
+# 版本号
+version = "2.28.0"
+# 用户程序描述信息
+description = "mbedtls static musl build"
+# （可选）是否只构建一次，如果为true，DADK会在构建成功后，将构建结果缓存起来，下次构建时，直接使用缓存的构建结果
+build-once = false
+#  (可选) 是否只安装一次，如果为true，DADK会在安装成功后，不再重复安装
+install-once = false
+# 目标架构
+# 可选值："x86_64", "aarch64", "riscv64"
+target-arch = ["x86_64"]
+# 任务源
+[task-source]
+# 构建类型
+# 可选值："build-from-source", "install-from-prebuilt"
+type = "build-from-source"
+# 构建来源
+# "build_from_source" 可选值："git", "local", "archive"
+# "install_from_prebuilt" 可选值："local", "archive"
+source = "local"
+# 路径或URL
+source-path = "user/apps/mbedtls"
+[build]
+build-command = "make install"
+[clean]
+clean-command = "make distclean"
+# 安装相关信息
+[install]
+# （可选）安装到DragonOS的路径
+in-dragonos-path = "/"

user/dadk/config/curl.toml

@@ -29,4 +29,4 @@ clean-command = "make distclean"
 # 安装相关信息
 [install]
 # （可选）安装到DragonOS的路径
-in-dragonos-path = "/bin"
+in-dragonos-path = "/"