From dccecfa447de0a79892e8be9ba4ea78ad8483f9c Mon Sep 17 00:00:00 2001
From: Daiki Mizukami <tesaguriguma@gmail.com>
Date: Mon, 24 Jul 2023 18:14:57 +0900
Subject: [PATCH] CI: Update `Dockerfile` to install OpenSSL 3

The custom container is no longer required since the upstream image has
removed (the old version of) OpenSSL entirely.
---
 .github/workflows/build-containers.yml        |  9 ++---
 docker/aarch64-unknown-linux-gnu/Dockerfile   | 10 +++---
 .../armv7-unknown-linux-gnueabihf/Dockerfile  | 10 +++---
 docker/install_libssl3.sh                     | 33 +++++++++++++++++++
 4 files changed, 48 insertions(+), 14 deletions(-)
 create mode 100755 docker/install_libssl3.sh

diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml
index 8f3afec..d572610 100644
--- a/.github/workflows/build-containers.yml
+++ b/.github/workflows/build-containers.yml
@@ -12,16 +12,17 @@ jobs:
           - aarch64-unknown-linux-gnu
           - armv7-unknown-linux-gnueabihf
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Log into registry
-      uses: docker/login-action@v1
+      uses: docker/login-action@v2
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v4
       with:
-        context: docker/${{ matrix.target }}
+        context: docker
+        file: docker/${{ matrix.target }}/Dockerfile
         push: true
         tags: ghcr.io/tesaguri/pipitor/cross:${{ matrix.target }}
diff --git a/docker/aarch64-unknown-linux-gnu/Dockerfile b/docker/aarch64-unknown-linux-gnu/Dockerfile
index a8d053d..0fa212f 100644
--- a/docker/aarch64-unknown-linux-gnu/Dockerfile
+++ b/docker/aarch64-unknown-linux-gnu/Dockerfile
@@ -1,8 +1,8 @@
-FROM ghcr.io/tesaguri/cross:aarch64-unknown-linux-gnu
+FROM ghcr.io/cross-rs/aarch64-unknown-linux-gnu:latest
+
+COPY install_libssl3.sh /
 
 RUN dpkg --add-architecture arm64 && \
     apt-get update && \
-    apt-get install --assume-yes libsqlite3-dev libsqlite3-dev:arm64 libssl-dev:arm64
-
-ENV PKG_CONFIG_ALLOW_CROSS_aarch64_unknown_linux_gnu=1 \
-    PKG_CONFIG_PATH_aarch64_unknown_linux_gnu='/usr/lib/aarch64-linux-gnu/pkgconfig'
+    apt-get install --assume-yes libsqlite3-dev libsqlite3-dev:arm64 && \
+    /install_libssl3.sh arm64 aarch64
diff --git a/docker/armv7-unknown-linux-gnueabihf/Dockerfile b/docker/armv7-unknown-linux-gnueabihf/Dockerfile
index 287ea4b..1e50d55 100644
--- a/docker/armv7-unknown-linux-gnueabihf/Dockerfile
+++ b/docker/armv7-unknown-linux-gnueabihf/Dockerfile
@@ -1,8 +1,8 @@
-FROM ghcr.io/tesaguri/cross:armv7-unknown-linux-gnueabihf
+FROM ghcr.io/cross-rs/armv7-unknown-linux-gnueabihf:latest
+
+COPY install_libssl3.sh /
 
 RUN dpkg --add-architecture armhf && \
     apt-get update && \
-    apt-get install --assume-yes libsqlite3-dev libsqlite3-dev:armhf libssl-dev:armhf
-
-ENV PKG_CONFIG_ALLOW_CROSS_armv7_unknown_linux_gnueabihf=1 \
-    PKG_CONFIG_PATH_armv7_unknown_linux_gnueabihf='/usr/lib/arm-linux-gnueabihf/pkgconfig'
+    apt-get install --assume-yes libsqlite3-dev libsqlite3-dev:armhf && \
+    /install_libssl3.sh armhf armhf
diff --git a/docker/install_libssl3.sh b/docker/install_libssl3.sh
new file mode 100755
index 0000000..50a8ba2
--- /dev/null
+++ b/docker/install_libssl3.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -xeo pipefail
+
+if [ "$(lsb_release -rs)" \< '22.04' ]; then
+	# Build OpenSSL 3 from source since 20.04 (focal) doesn't have `libssl3` package.
+	purge_list=()
+	for pkg in build-essential checkinstall zlib1g-dev:"$1"; do
+		if ! dpkg-query --status "$pkg" >/dev/null 2>/dev/null; then
+			purge_list+=( "$pkg" )
+		fi
+	done
+	if (( "${#purge_list}" )); then
+		apt-get install --assume-yes --no-install-recommends "${purge_list[@]}"
+	fi
+
+	curl -fsSO 'https://www.openssl.org/source/openssl-3.0.9.tar.gz'
+	sha256sum --check <<< 'eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90 openssl-3.0.9.tar.gz'
+	tar -xzf openssl-3.0.9.tar.gz
+	rm openssl-3.0.9.tar.gz
+
+	cd openssl-3.0.9
+	./Configure --cross-compile-prefix="$2-linux-gnu-" --prefix="/usr/$2-linux-gnu" "linux-$2"
+	make
+	make install
+
+	if (( "${#purge_list}" )); then
+		apt-get purge --assume-yes --auto-remove "${purge_list[@]}"
+	fi
+else
+	apt-get update
+	apt-get install --assume-yes --no-install--recommends libssl3:"$1" libssl-dev:"$1"
+fi