Upgrade to OpenSSL 1.1.1

.travis.yml

@@ -17,7 +17,7 @@ before_install:
  libstdc++6 libtool libgif-dev libtiff-dev libgtk2.0-dev libglib2.0-dev
  libx11-dev libxcursor-dev libxerces-c-dev libxft-dev libxinerama-dev
  libxml2-dev libxml2-utils libxmu-dev libxrandr-dev libyaml-cpp-dev libpcre3-dev
- openssl shunit2 git git-lfs libqt4-dev qt4-default libqt4-opengl-dev
+ shunit2 git git-lfs libqt4-dev qt4-default libqt4-opengl-dev
  python-dev python-git python-imaging python-setuptools python-psycopg2 python-lxml
  swig xorg-dev zlib1g-dev
 script: echo "Running build..."

earth_enterprise/BUILD_RHEL_CentOS.md

@@ -138,7 +138,7 @@ sudo yum install -y \
  gdbm-devel geos-devel giflib-devel glib2-devel GitPython gtk2-devel \
  libcap-devel libicu-devel libmng-devel libpng-devel libtiff-devel libX11-devel libXcursor-devel \
  libXft-devel libXinerama-devel libxml2-devel libXmu-devel libXrandr-devel \
- ogdi-devel openjpeg-devel openjpeg2-devel openssl-devel \
+ ogdi-devel openjpeg-devel openjpeg2-devel \
  perl-Alien-Packages perl-Perl4-CoreLibs proj-devel python-devel \
  rpm-build rpmrebuild rsync scons \
  xerces-c xerces-c-devel xorg-x11-server-devel yaml-cpp-devel zlib-devel
@@ -154,7 +154,7 @@ sudo yum install -y \
  gdbm-devel geos-devel gettext giflib-devel gtk2-devel \
  libcap-devel libmng-devel libpng-devel libX11-devel libXcursor-devel \
  libXft-devel libXinerama-devel libxml2-devel libXmu-devel libXrandr-devel \
- ogdi-devel openjpeg-devel openjpeg2-devel openssl-devel pcre pcre-devel \
+ ogdi-devel openjpeg-devel openjpeg2-devel pcre pcre-devel \
  proj-devel python27 glib2-devel libtiff-devel \
  python27-pip python27-devel python27-setuptools python-unittest2 \
  python-devel rpm-build rpmrebuild rsync scons shunit2 \

earth_enterprise/BUILD_Ubuntu.md

@@ -35,10 +35,10 @@ sudo apt-get install \
  libgdbm-dev libgeos-dev libgeos++-dev libgif-dev libgtest-dev \
  libjpeg-dev libjpeg8-dev libmng-dev libogdi3.2-dev \
  libperl4-corelibs-perl libpng12-0 libpng12-dev libpq-dev libproj-dev \
- libstdc++6 libtool libgif-dev libtiff-dev libgtk2.0-dev libglib2.0-dev \
+ libstdc++6 libtool libtiff-dev libgtk2.0-dev libglib2.0-dev \
  libx11-dev libxcursor-dev libxerces-c-dev libxft-dev libxinerama-dev \
  libxml2-dev libxml2-utils libxmu-dev libxrandr-dev libyaml-cpp-dev \
- openssl libpcre3 libpcre3-dev \
+ libpcre3 libpcre3-dev \
  python-dev python-imaging python-psycopg2 \
  python-setuptools python2.7 python2.7-dev python-git \
  scons shunit2 xorg-dev zlib1g-dev

earth_enterprise/rpms/build.gradle

@@ -258,7 +258,16 @@ task openGeePostGisRpm(type: GeeRpm) {
  autoFindProvides = true
  autoFindRequires = true
 
+ // "requires" is for runtime dependencies. "requiresPre" is for pre-install
+ // script dependencies. We need both because pre- and post-install scripts
+ // call Open GEE binaries, and they may fail if a different version of
+ // common libraries is installed.
+ // In this case, opengee-postgis doesn't have a pre- or post-install script
+ // to worry about, but we do need to make sure that opengee-common's
+ // pre-install script runs first.
  requires('opengee-common', ospackage.version, GREATER | EQUAL)
+ requiresPre('opengee-common', ospackage.version, GREATER | EQUAL)
+
  // The code in GeeRpm decides that this RPM should depend on proj, but
  // it actually depends on proj-devel.
  requires('proj-devel')
@@ -463,7 +472,6 @@ task openGeeCommonDeb (type: GeeDeb, dependsOn: openGeeCommonInitScripts) {
  requires('libstdc++6')
  requires('libtool')
  requires('libxml2-utils')
- requires('openssl')
  requires('python-imaging')
  requires('python-lxml')
  requires('python-psycopg2')
@@ -536,9 +544,14 @@ task openGeeServerRpm(type: GeeRpm, dependsOn: openGeeServerInitScripts) {
  autoFindProvides = true
  autoFindRequires = true
 
+ // "requires" is for runtime dependencies. "requiresPre" is for pre-install
+ // script dependencies. We need both because pre- and post-install scripts
+ // call Open GEE binaries, and they may fail if a different version of
+ // common libraries is installed.
  requires('opengee-common', ospackage.version, GREATER | EQUAL)
  requiresPre('opengee-common', ospackage.version, GREATER | EQUAL)
  requires('opengee-postgis', '2.3.9', GREATER | EQUAL)
+ requiresPre('opengee-postgis', '2.3.9', GREATER | EQUAL)
  conflicts('opengee-postgis', '2.0', LESS )
  conflicts('opengee-postgis', '2.4', GREATER | EQUAL)
  requires('python-unittest2')
@@ -770,7 +783,12 @@ built from raster, vector, and location properties data.
  autoFindProvides = true
  autoFindRequires = true
 
+ // "requires" is for runtime dependencies. "requiresPre" is for pre-install
+ // script dependencies. We need both because pre- and post-install scripts
+ // call Open GEE binaries, and they may fail if a different version of
+ // common libraries is installed.
  requires('opengee-common', ospackage.version, GREATER | EQUAL)
+ requiresPre('opengee-common', ospackage.version, GREATER | EQUAL)
  requires('proj-devel') /* This dependency is not being picked up automatically by GeeRpm task */
  requires('/etc/rc.d/init.d/functions')
  requiresCommands(

earth_enterprise/src/installer/install_fusion.sh

@@ -588,9 +588,6 @@ copy_files_to_target()
  mkdir -p $BASEINSTALLDIR_OPT/share/fonts
  mkdir -p $BASEINSTALLDIR_OPT/gepython
  mkdir -p $BASEINSTALLDIR_OPT/lib
- mkdir -p $BASEINSTALLDIR_VAR/openssl/private
- mkdir -p $BASEINSTALLDIR_VAR/openssl/misc
- mkdir -p $BASEINSTALLDIR_VAR/openssl/certs
  mkdir -p $BASEINSTALLDIR_ETC/openldap
  mkdir -p $BASEINSTALLDIR_VAR/run
  mkdir -p $BASEINSTALLDIR_VAR/log
@@ -621,29 +618,6 @@ copy_files_to_target()
  if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -f $TMPINSTALLDIR/fusion/etc/init.d/gefusion $BININSTALLROOTDIR
 
- TMPOPENSSLPATH=$TMPINSTALLDIR/common/user_magic/var/opt/google/openssl
-
- cp -f $TMPOPENSSLPATH/openssl.cnf $BASEINSTALLDIR_VAR/openssl
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -rf $TMPOPENSSLPATH/private $BASEINSTALLDIR_VAR/openssl
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/CA.sh $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/tsget $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_name $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/CA.pl $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_issuer $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_info $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_hash $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -rf $TMPOPENSSLPATH/certs $BASEINSTALLDIR_VAR/openssl
- if [ $? -ne 0 ]; then error_on_copy=1; fi
-
  TMPOPENLDAPPATH=$TMPINSTALLDIR/common/user_magic/etc/opt/google/openldap
 
  cp -f $TMPOPENLDAPPATH/ldap.conf $BASEINSTALLDIR_ETC/openldap
@@ -990,4 +964,3 @@ main_install
 # Post-Install Main
 #-----------------------------------------------------------------
 main_postinstall
-

earth_enterprise/src/installer/install_server.sh

@@ -428,9 +428,6 @@ copy_files_to_target()
  mkdir -p "$BASEINSTALLDIR_OPT/gehttpd/conf"
  mkdir -p "$BASEINSTALLDIR_OPT/gehttpd/htdocs/shared_assets/images"
  mkdir -p "$BASEINSTALLDIR_OPT/search"
- mkdir -p "$BASEINSTALLDIR_VAR/openssl/private"
- mkdir -p "$BASEINSTALLDIR_VAR/openssl/misc"
- mkdir -p "$BASEINSTALLDIR_VAR/openssl/certs"
  mkdir -p "$BASEINSTALLDIR_ETC/openldap"
  mkdir -p "$BASEINSTALLDIR_VAR/pgsql"
 
@@ -492,29 +489,6 @@ copy_files_to_target()
  cp -rf "$TMPINSTALLDIR/server/opt/google/gehttpd/htdocs/shared_assets/images/location_pin.png" "$BASEINSTALLDIR_OPT/gehttpd/htdocs/shared_assets/images"
  if [ $? -ne 0 ]; then error_on_copy=1; fi
 
- TMPOPENSSLPATH=$TMPINSTALLDIR/common/user_magic/var/opt/google/openssl
-
- cp -f "$TMPOPENSSLPATH/openssl.cnf" "$BASEINSTALLDIR_VAR/openssl"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -rf "$TMPOPENSSLPATH/private" "$BASEINSTALLDIR_VAR/openssl"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/CA.sh" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/tsget" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_name" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/CA.pl" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_issuer" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_info" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_hash" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -rf "$TMPOPENSSLPATH/certs" "$BASEINSTALLDIR_VAR/openssl"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
-
  TMPOPENLDAPPATH=$TMPINSTALLDIR/common/user_magic/etc/opt/google/openldap
 
  cp -f "$TMPOPENLDAPPATH/ldap.conf" "$BASEINSTALLDIR_ETC/openldap"

earth_enterprise/src/third_party/apache2/SConscript

@@ -158,9 +158,6 @@ to_prune_http = ['man', 'error', 'bin/htdbm',
  'htdocs/apache_pb.gif', 'htdocs/index.html'
  ]
 
-# Note: used when compiling with crosstool
-# TODO: delete.
-#stdc = '/opt/google/lib64/libstdc++.so.6'
 apache_target = '%s/.install' % current_dir
 apache_install = apache_env.Command(
  apache_target, apache_configure,

earth_enterprise/src/third_party/openssl/SConscript

@@ -19,7 +19,7 @@
 Import('third_party_env')
 import os
 
-openssl_version = 'openssl-1.0.2h'
+openssl_version = 'openssl-1.1.1i'
 ge_version = openssl_version.replace('openssl', 'openssl-ge')
 
 current_dir = Dir('.').abspath
@@ -49,17 +49,19 @@ else:
  env_opt = 'LDFLAGS=-shared-libgcc CFLAGS="-L%s" CXXFLAGS="-L%s" LDCMD=g++ CC=%s CXX=%s' % (
  build_root, build_root, third_party_env['ENV']['CC'], third_party_env['ENV']['CXX'])
 
+install_root = '%s/install' % current_dir
+install_prefix = install_root + "/opt/google"
+
 # [3] Configure openssl
 openssl_target = '%s/.configure' % current_dir
 openssl_configure = openssl_env.Command(
  openssl_target, openssl_extract,
  [openssl_env.MultiCommand(
  'cd %s\n'
- 'perl util/perlpath.pl /usr/bin/perl\n'
- '%s%s ./Configure -DSSL_ALLOW_ADH --prefix=/opt/google '
- '--openssldir=/var/opt/google/openssl linux-x86_64 shared\n'
+ '%s%s ./Configure -DSSL_ALLOW_ADH --prefix=%s '
+ '--openssldir=%s linux-x86_64 shared\n'
  'touch %s' % (build_root, openssl_env['ENV']['mod_env'], env_opt,
- openssl_target))])
+ install_prefix, install_prefix, openssl_target))])
 
 # [4] Build
 openssl_target = '%s/.build' % current_dir
@@ -89,7 +91,7 @@ openssl_install = openssl_env.Command(
  'rm -rf share/doc/packages/%s\n'
  'mkdir -p share/doc/packages/%s\n'
  'cd -\n'
- 'cp -pr CHANGES CHANGES.SSLeay LICENSE NEWS README '
+ 'cp -pr CHANGES LICENSE NEWS README '
  '%s/opt/google/share/doc/packages/%s\n'
  'touch %s' % (build_root, install_root, install_root_opt, ge_version,
  ge_version, install_root, ge_version, openssl_target))])
@@ -125,9 +127,5 @@ if 'install' in COMMAND_LINE_TARGETS:
  '%s/opt/google/share/' % Dir(
  openssl_env.installdirs['common_root']).abspath,
  openssl_install_build, 'install')
- openssl_env.InstallFileOrDir(
- '%s/var/' % install_root,
- '%s/user_magic/var/' % openssl_env.installdirs['common_root'],
- openssl_install_build, 'install')
 
 Return('openssl_extract openssl_install_build')

earth_enterprise/third_party/openssl/README.google

@@ -1,5 +1,5 @@
 URL: http://www.openssl.org/
-Version: 1.0.2h
+Version: 1.1.1h
 License: bsd-ish, requires acknowledgment
 License File: LICENSE