Super Cool Workaround for SSL ca-certificate issue

usr/lib/libssl.so.1.1 in various linux distributions have differing opinions on where to locate the bundle of certificates used to properly handle https traffic. Ubuntu 18.04: /etc/ssl/certs/ca-certificates.crt Manjaro (Arch): /etc/ssl/cert.pem In the AppImage libssl.so.1.1 is being shipped. Notable because we build the AppImage on a Ubuntu base, and the steam decks use arch. This is a hastily thrown together PR, so should not be merged without feedback The AppRun shell script is modified to specify SSL_CERT_FILE in environment
2022-09-12 04:25:15 -07:00
parent 3a5f9409c8
commit af476027bd
2 changed files with 72 additions and 3 deletions
--- a/.ci/scripts/linux/docker.sh
+++ b/.ci/scripts/linux/docker.sh
@@ -35,11 +35,9 @@ rm -vf AppDir/usr/bin/yuzu-cmd AppDir/usr/bin/yuzu-tester
 # Download tools needed to build an AppImage
 wget -nc https://github.com/yuzu-emu/ext-linux-bin/raw/main/appimage/linuxdeploy-x86_64.AppImage
 wget -nc https://github.com/yuzu-emu/ext-linux-bin/raw/main/appimage/linuxdeploy-plugin-qt-x86_64.AppImage
-wget -nc https://github.com/yuzu-emu/ext-linux-bin/raw/main/appimage/AppRun-patched-x86_64
 wget -nc https://github.com/yuzu-emu/ext-linux-bin/raw/main/appimage/exec-x86_64.so
 # Set executable bit
 chmod 755 \
-    AppRun-patched-x86_64 \
    exec-x86_64.so \
    linuxdeploy-x86_64.AppImage \
    linuxdeploy-plugin-qt-x86_64.AppImage
@@ -60,6 +58,9 @@ find AppDir -type f -regex '.*libwayland-client\.so.*' -delete -print
 # Workaround for building yuzu with GCC 10 but also trying to distribute it to Ubuntu 18.04 et al.
 # See https://github.com/darealshinji/AppImageKit-checkrt
 cp exec-x86_64.so AppDir/usr/optional/exec.so
-cp AppRun-patched-x86_64 AppDir/AppRun
 cp --dereference /usr/lib/x86_64-linux-gnu/libstdc++.so.6 AppDir/usr/optional/libstdc++/libstdc++.so.6
 cp --dereference /lib/x86_64-linux-gnu/libgcc_s.so.1 AppDir/usr/optional/libgcc_s/libgcc_s.so.1
+
+# Customized AppRun script executes above workarounds
+cp ../dist/AppRun.sh AppDir/AppRun
+chmod 755 AppDir/AppRun
--- a/dist/AppRun.sh
+++ b/dist/AppRun.sh
@@ -0,0 +1,68 @@
+#!/bin/sh -e
+# SPDX-FileCopyrightText: 2022 <djcj@gmx.de>
+# SPDX-License-Identifier: MIT
+# From: https://github.com/darealshinji/AppImageKit-checkrt
+
+cd "$(dirname "$0")"
+
+cxxpre=""
+gccpre=""
+execpre=""
+libc6arch="libc6,x86-64"
+exec="./bin/$(sed -n -e 's|%f||' -e 's|^Exec=||p' $(ls -1 *.desktop))"
+
+if [ -n "$APPIMAGE" ] && [ "$(file -b "$APPIMAGE" | cut -d, -f2)" != " x86-64" ]; then
+  libc6arch="libc6"
+fi
+
+cd "usr"
+
+if [ -e "./optional/libstdc++/libstdc++.so.6" ]; then
+  lib="$(PATH="/sbin:$PATH" ldconfig -p | grep "libstdc++\.so\.6 ($libc6arch)" | awk 'NR==1{print $NF}')"
+  sym_sys=$(tr '\0' '\n' < "$lib" | grep -e '^GLIBCXX_3\.4' | sort -V | tail -n1)
+  sym_app=$(tr '\0' '\n' < "./optional/libstdc++/libstdc++.so.6" | grep -e '^GLIBCXX_3\.4' | sort -V | tail -n1)
+  if [ "$(printf "${sym_sys}\n${sym_app}"| sort -V | tail -1)" != "$sym_sys" ]; then
+    cxxpath="./optional/libstdc++:"
+  fi
+fi
+
+if [ -e "./optional/libgcc/libgcc_s.so.1" ]; then
+  lib="$(PATH="/sbin:$PATH" ldconfig -p | grep "libgcc_s\.so\.1 ($libc6arch)" | awk 'NR==1{print $NF}')"
+  sym_sys=$(tr '\0' '\n' < "$lib" | grep -e '^GCC_[0-9]\\.[0-9]' | sort -V | tail -n1)
+  sym_app=$(tr '\0' '\n' < "./optional/libgcc/libgcc_s.so.1" | grep -e '^GCC_[0-9]\\.[0-9]' | sort -V | tail -n1)
+  if [ "$(printf "${sym_sys}\n${sym_app}"| sort -V | tail -1)" != "$sym_sys" ]; then
+    gccpath="./optional/libgcc:"
+  fi
+fi
+
+if [ -n "$cxxpath" ] || [ -n "$gccpath" ]; then
+  if [ -e "./optional/exec.so" ]; then
+    execpre=""
+    export LD_PRELOAD="./optional/exec.so:${LD_PRELOAD}"
+  fi
+  export LD_LIBRARY_PATH="${cxxpath}${gccpath}${LD_LIBRARY_PATH}"
+fi
+
+# Force xcb platform for Qt applications
+if [ -z "${QT_QPA_PLATFORM}" ]; then
+    export QT_QPA_PLATFORM=xcb
+fi
+
+# Find correct root CA file
+_POSSIBLE_CERTIFICATES="/etc/ssl/certs/ca-bundle.crt \
+/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt \
+/etc/ssl/ca-bundle.pem /etc/pki/tls/cacert.pem"
+
+if [ -z "$SSL_CERT_FILE" ]; then
+    for i in $_POSSIBLE_CERTIFICATES; do
+        if [ -f "$i" ]; then
+            export SSL_CERT_FILE="$i"
+            break
+        fi
+    done
+fi
+
+#echo ">>>>> $LD_LIBRARY_PATH"
+#echo ">>>>> $LD_PRELOAD"
+
+exec $exec "$@"