install-prereqs-ubuntu.sh

#!/bin/bash
set -ex

# Make sure to have a recent version of openssl installed by default. For example by having an up to date os version.

sudo apt update
sudo apt install -y git \
               build-essential \
               autoconf \
               automake \
               libtool \
               ninja-build \
               libssl-dev \
               libpcre3-dev \
               wget

NGINX_VERSION=1.26.1
CMAKE_VERSION=3.30
CMAKE_BUILD=0

mkdir -p tmp
cd tmp
ROOT=$(pwd)

# Fetch all the files we need
wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh
git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/liboqs.git
(cd liboqs && git checkout d2089c5017fc45f4dce2f6516b3e9ad337946600)
git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/oqs-provider.git
(cd oqs-provider && git checkout 8f37521d5e27ab4d1e0d69a4b4a5bd17927b24b9)
git clone --no-checkout --single-branch --branch master https://github.com/openssl/openssl.git
(cd openssl && git checkout 2a45839778955ffcab01918f10544d46e42f9a5b)
wget nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && tar -zxvf nginx-${NGINX_VERSION}.tar.gz

# Install the latest CMake
mkdir cmake
sh cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh --skip-license --prefix=${ROOT}/cmake

# Build OpenSSL so 'libcrypto.so' is avaiable for the build of liboqs. With Ubuntu 22.04 not longer needed.
# (
#     cd openssl-source
#     ./Configure --prefix=${ROOT}/openssl/ --openssldir=${ROOT}/openssl/
#     make
#     make install
# )


# build liboqs
(
    cd liboqs
    mkdir build && cd build
    # --install-prefix could do the same
    # It needs the libcrypto library, either in .a or .so format, in 'openssl' it is .so and in 'openssl-source' it is .a
    # -- Found OpenSSL: /absolute-path-to/tmp/openssl/lib64/libcrypto.so (found suitable version "3.0.2", minimum required is "1.1.1")
    # OPENSSL_ROOT_DIR=${ROOT}/openssl/ ${ROOT}/cmake/bin/cmake -GNinja -DCMAKE_INSTALL_PREFIX=${ROOT}/openssl/oqs ..
    ${ROOT}/cmake/bin/cmake -GNinja -DCMAKE_INSTALL_PREFIX=${ROOT}/openssl/oqs ..
    ninja && ninja install
)

# build nginx (which builds OQS-OpenSSL)
# NOTE openssl gets built a second time here, maybe this can be avoided
(
    cd nginx-${NGINX_VERSION}
    # NOTE why --without-http_gzip_module
    ./configure --prefix=${ROOT}/nginx \
                    --with-debug \
                    --with-http_v2_module \
                    --with-http_v3_module \
                    --with-http_ssl_module --with-openssl=${ROOT}/openssl \
                    --without-http_gzip_module \
                    --with-cc-opt="-I ${ROOT}/openssl/include" \
                    --with-ld-opt="-L ${ROOT}/openssl/lib64";
    # sed -i 's/libcrypto.a/libcrypto.a -loqs/g' objs/Makefile;
    # NOTE why change this?
    sed -i 's/EVP_MD_CTX_create/EVP_MD_CTX_new/g; s/EVP_MD_CTX_destroy/EVP_MD_CTX_free/g' src/event/ngx_event_openssl.c;
    make && make install;
)