mason
mason copied to clipboard
Revisit curl+boringssl
Ticket to track that I plan to revisit building latest curl against:
- static boringssl (https://boringssl.googlesource.com/boringssl/)
- all the normal CA certs bundled in
The goal would be to have a curl binary that could be:
- extremely solid on all platforms (ubuntu/debian, centos/rhel, osx)
- support https without depending on openssl
- be very very small and fast to install
If we could provide such a thing it could unblock:
- mason itself depending on this curl by default instead of assuming system curl (drops an apt/yum dep)
- building the mason cmake against a static curl (to allow
mason.cmake
to use built-in cmake HTTPS to download mason packages instead of assuming system curl - refs #74)
Cons are:
- We'd need to maintain security updates of this curl binary if boringssl reported any
- Security updates would need to trickle down to cmake package updates
building the mason cmake against a static curl (to allow mason.cmake to use built-in cmake HTTPS to download mason packages instead of assuming system curl - refs #74)
This would unblock a major obstacle I've found: There are many cmake versions out there which are built without SSL support, making it impossible for us to download with cmake.