From d91b86b4e1a93448790899a3f01e1165421c1b6d Mon Sep 17 00:00:00 2001 From: Yukino Song Date: Thu, 31 Oct 2024 17:43:41 +0800 Subject: [PATCH] Revert "build(deps): migrate from curl to curl-winssl on Windows (#3246)" This reverts commit 9cc8bc8f62d5dfd6236d0b8ec44b6b9978bcbe87, should resolve #91 --- .codeql-prebuild-cpp-Windows.sh | 52 +++++++++++++++++++-------------- docs/building.md | 2 +- src/httpcommon.cpp | 14 ++++----- 3 files changed, 36 insertions(+), 32 deletions(-) diff --git a/.codeql-prebuild-cpp-Windows.sh b/.codeql-prebuild-cpp-Windows.sh index b0c7b4cc..31ee6cd9 100644 --- a/.codeql-prebuild-cpp-Windows.sh +++ b/.codeql-prebuild-cpp-Windows.sh @@ -2,35 +2,43 @@ set -e # update pacman -pacman --noconfirm -Syu +pacman --noconfirm -Suy + +# install wget +pacman --noconfirm -S \ + wget + +# download working curl +wget https://repo.msys2.org/mingw/ucrt64/mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst # install dependencies -dependencies=( - "git" - "mingw-w64-ucrt-x86_64-boost" - "mingw-w64-ucrt-x86_64-cmake" - "mingw-w64-ucrt-x86_64-cppwinrt" - "mingw-w64-ucrt-x86_64-curl-winssl" - "mingw-w64-ucrt-x86_64-miniupnpc" - "mingw-w64-ucrt-x86_64-nlohmann-json" - "mingw-w64-ucrt-x86_64-nodejs" - "mingw-w64-ucrt-x86_64-nsis" - "mingw-w64-ucrt-x86_64-onevpl" - "mingw-w64-ucrt-x86_64-openssl" - "mingw-w64-ucrt-x86_64-opus" - "mingw-w64-ucrt-x86_64-toolchain" -) -pacman -S --noconfirm "${dependencies[@]}" +pacman -U --noconfirm mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst +pacman -Syu --noconfirm --ignore=mingw-w64-ucrt-x86_64-curl \ + base-devel \ + diffutils \ + gcc \ + git \ + make \ + mingw-w64-ucrt-x86_64-cmake \ + mingw-w64-ucrt-x86_64-cppwinrt \ + mingw-w64-ucrt-x86_64-graphviz \ + mingw-w64-ucrt-x86_64-miniupnpc \ + mingw-w64-ucrt-x86_64-nlohmann-json \ + mingw-w64-ucrt-x86_64-nodejs \ + mingw-w64-ucrt-x86_64-nsis \ + mingw-w64-ucrt-x86_64-onevpl \ + mingw-w64-ucrt-x86_64-openssl \ + mingw-w64-ucrt-x86_64-opus \ + mingw-w64-ucrt-x86_64-rust \ + mingw-w64-ucrt-x86_64-toolchain # build mkdir -p build +cd build || exit 1 cmake \ - -B build \ - -G Ninja \ - -S . \ -DBUILD_DOCS=OFF \ - -DBUILD_WERROR=ON -ninja -C build + -G "MinGW Makefiles" .. +mingw32-make -j"$(nproc)" # skip autobuild echo "skip_autobuild=true" >> "$GITHUB_OUTPUT" diff --git a/docs/building.md b/docs/building.md index 851b21b1..f0a064e6 100644 --- a/docs/building.md +++ b/docs/building.md @@ -88,7 +88,7 @@ dependencies=( "mingw-w64-ucrt-x86_64-boost" # Optional "mingw-w64-ucrt-x86_64-cmake" "mingw-w64-ucrt-x86_64-cppwinrt" - "mingw-w64-ucrt-x86_64-curl-winssl" + "mingw-w64-ucrt-x86_64-curl" "mingw-w64-ucrt-x86_64-graphviz" # Optional, for docs "mingw-w64-ucrt-x86_64-miniupnpc" "mingw-w64-ucrt-x86_64-nlohmann-json" diff --git a/src/httpcommon.cpp b/src/httpcommon.cpp index cce566b4..7bb38230 100644 --- a/src/httpcommon.cpp +++ b/src/httpcommon.cpp @@ -197,12 +197,7 @@ namespace http { bool download_file(const std::string &url, const std::string &file) { CURL *curl = curl_easy_init(); - if (curl) { - // sonar complains about weak ssl and tls versions - // ideally, the setopts should go after the early returns; however sonar cannot detect the fix - curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); - } - else { + if (!curl) { BOOST_LOG(error) << "Couldn't create CURL instance"; return false; } @@ -220,16 +215,17 @@ namespace http { curl_easy_cleanup(curl); return false; } - curl_easy_setopt(curl, CURLOPT_URL, url.c_str()); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite); curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp); - + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); +#ifdef _WIN32 + curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA); +#endif CURLcode result = curl_easy_perform(curl); if (result != CURLE_OK) { BOOST_LOG(error) << "Couldn't download ["sv << url << ", code:" << result << ']'; } - curl_easy_cleanup(curl); fclose(fp); return result == CURLE_OK;