« Back to Index

Compile Curl

View original Gist on GitHub

Tags: #shell

Example.Dockerfile

FROM python:3.8-slim

# libbrotli from debian apt, and build tools
RUN apt-get update && apt-get install -y git build-essential autoconf automake libtool brotli libbrotli-dev zlib1g-dev pkg-config cmake golang

# nghttp2 dev libraries - curl http2 support
RUN git clone https://github.com/tatsuhiro-t/nghttp2.git /tmp/nghttp2
WORKDIR /tmp/nghttp2
RUN autoreconf -i && automake && autoconf
RUN ./configure
RUN make
RUN make install

# rust (incl cargo), to install quiche
# the irony of the next command is not lost on me
RUN apt-get install -y curl 
# installs cargo to /root/.cargo/bin/cargo (for lack of an env)
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
# remove our trojan horse version
RUN apt-get remove -y curl

# cloudflare quiche dev libraries with pkg-config for cURL build - http3 support
RUN git clone https://github.com/cloudflare/quiche --recursive /tmp/quiche

# compile boringssl with SSL headers for cURL to use (--with-ssl)
WORKDIR /tmp/quiche/deps/boringssl
RUN mkdir build
WORKDIR /tmp/quiche/deps/boringssl/build
RUN cmake -DCMAKE_POSITION_INDEPENDENT_CODE=on ..
RUN make
WORKDIR /tmp/quiche/deps/boringssl
RUN mkdir -p .openssl/lib
RUN cp build/crypto/libcrypto.a build/ssl/libssl.a .openssl/lib
RUN ln -s $PWD/include .openssl

# compile quiche
WORKDIR /tmp/quiche/
RUN QUICHE_BSSL_PATH=$PWD/deps/boringssl /root/.cargo/bin/cargo build --release --features pkg-config-meta
RUN cp /tmp/quiche/target/release/libquiche.so /usr/lib

# finally, build cURL. are you excited? I am.
RUN git clone https://github.com/curl/curl /tmp/curl
WORKDIR /tmp/curl
RUN ./buildconf
RUN ./configure LDFLAGS="-Wl,-rpath,/tmp/quiche/target/release" --prefix=/usr --with-ssl=/tmp/quiche/deps/boringssl/.openssl --libdir=/usr/lib/x86_64-linux-gnu --with-brotli --with-zlib --with-nghttp2 --with-quiche=/tmp/quiche/target/release --enable-alt-svc

# Expected: 
  # Host setup:       x86_64-pc-linux-gnu
  # Install prefix:   /usr
  # Compiler:         gcc
  #  CFLAGS:          -Werror-implicit-function-declaration -O2 -Wno-system-headers -pthread
  #  CPPFLAGS:        -isystem /tmp/quiche/deps/boringssl/.openssl/include -isystem /tmp/quiche/deps/boringssl/.openssl/include/openssl -isystem /usr/local/include -isystem /tmp/quiche/include
  #  LDFLAGS:         -Wl,-rpath,/tmp/quiche/target/release -L/tmp/quiche/deps/boringssl/.openssl/lib -L/usr/local/lib -L/tmp/quiche/target/release
  #  LIBS:            -lquiche -lnghttp2 -lssl -lbrotlidec -lbrotlidec -lz -lcrypto -ldl -lpthread

  # curl version:     7.71.0-DEV
  # SSL:              enabled (BoringSSL)
  # SSH:              no      (--with-{libssh,libssh2})
  # zlib:             enabled
  # brotli:           enabled (libbrotlidec)
  # GSS-API:          no      (--with-gssapi)
  # TLS-SRP:          no      (--enable-tls-srp)
  # resolver:         POSIX threaded
  # IPv6:             enabled
  # Unix sockets:     enabled
  # IDN:              no      (--with-{libidn2,winidn})
  # Build libcurl:    Shared=yes, Static=yes
  # Built-in manual:  no      (--enable-manual)
  # --libcurl option: enabled (--disable-libcurl-option)
  # Verbose errors:   enabled (--disable-verbose)
  # Code coverage:    disabled
  # SSPI:             no      (--enable-sspi)
  # ca cert bundle:   /etc/ssl/certs/ca-certificates.crt
  # ca cert path:     no
  # ca fallback:      no
  # LDAP:             no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)
  # LDAPS:            no      (--enable-ldaps)
  # RTSP:             enabled
  # RTMP:             no      (--with-librtmp)
  # Metalink:         no      (--with-libmetalink)
  # PSL:              no      (libpsl not found)
  # Alt-svc:          enabled
  # HTTP2:            enabled (nghttp2)
  # HTTP3:            enabled (quiche)
  # ESNI:             no      (--enable-esni)
  # Protocols:        DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
  # Features:         SSL IPv6 UnixSockets libz brotli AsynchDNS alt-svc NTLM NTLM_WB HTTP2 HTTP3 HTTPS-proxy

  # WARNING:  HTTP3 alt-svc enabled but marked EXPERIMENTAL. Use with caution!

RUN make
RUN make install

# clean up after ourselves
RUN rm -rf /tmp/curl /tmp/quiche /tmp/nghttp2
RUN apt-get remove -y git build-essential autoconf automake libtool zlib1g-dev pkg-config cmake golang
RUN apt-get autoremove -y

# try our shiny new cURL out
# brotli
CMD ["curl", "--compressed", "https://httpbin.org/brotli"]

compile curl.md

Check OS:

$ uname -a
Linux bcf344edf35e 4.19.76-linuxkit #1 SMP Fri Apr 3 15:53:26 UTC 2020 x86_64 GNU/Linux

$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Get curl source code and compile it:

$ apt-get update && apt-get install -y git build-essential autoconf automake libtool brotli libbrotli-dev

$ git clone https://github.com/curl/curl /tmp/curl
$ cd /tmp/curl/
$ ./buildconf
$ ./configure 
$ make
$ make install

Check curl information:

$ which curl
/usr/local/bin/curl

$ ldd $(which curl)
configure: Configured to build curl/libcurl:

  Host setup:       x86_64-pc-linux-gnu
  Install prefix:   /usr/local
  Compiler:         gcc
   CFLAGS:          -Werror-implicit-function-declaration -O2 -Wno-system-headers -pthread
   CPPFLAGS:
   LDFLAGS:
   LIBS:            -lidn2 -lssl -lcrypto -lbrotlidec -lz

  curl version:     7.71.0-DEV
  SSL:              enabled (OpenSSL)
  SSH:              no      (--with-{libssh,libssh2})
  zlib:             enabled
  brotli:           enabled (libbrotlidec)
  GSS-API:          no      (--with-gssapi)
  TLS-SRP:          enabled
  resolver:         POSIX threaded
  IPv6:             enabled
  Unix sockets:     enabled
  IDN:              enabled (libidn2)
  Build libcurl:    Shared=yes, Static=yes
  Built-in manual:  no      (--enable-manual)
  --libcurl option: enabled (--disable-libcurl-option)
  Verbose errors:   enabled (--disable-verbose)
  Code coverage:    disabled
  SSPI:             no      (--enable-sspi)
  ca cert bundle:   /etc/ssl/certs/ca-certificates.crt
  ca cert path:     no
  ca fallback:      no
  LDAP:             no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)
  LDAPS:            no      (--enable-ldaps)
  RTSP:             enabled
  RTMP:             no      (--with-librtmp)
  Metalink:         no      (--with-libmetalink)
  PSL:              no      (libpsl not found)
  Alt-svc:          no      (--enable-alt-svc)
  HTTP2:            disabled (--with-nghttp2)
  HTTP3:            disabled (--with-ngtcp2, --with-quiche)
  ESNI:             no      (--enable-esni)
  Protocols:        DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
  Features:         SSL IPv6 UnixSockets libz brotli AsynchDNS IDN NTLM NTLM_WB TLS-SRP HTTPS-proxy

Use curl:

$ curl --version
$ curl --compressed https://httpbin.org/brotli

./configure --help provides list of all flag options.