LibHttpClient.Linux: refactor dependency install to optional step and eliminate forced sudo calls (#963)

ScottMunroMS · web-flow · commit c987fb7bc412 · 2026-04-27T21:52:01.000-07:00
LibHttpClient's linux build had `sudo` authorized calls sprinkled throughout its build by default to install dependencies. Generally, this is an anti-pattern. It means that to ever build libHttpClient for linux you need to have sudo privileges even if all required dependencies are installed. sudo should be isolated to and reserved for operations which require elevations. General builds should not require elevation.

Callers can continue to retain the old behavior by passing `--install-dependencies` to the old build script.

I've also eliminated some unnecessary sudo usage from the openssl build. it was primarily there to give write access to files in the global /usr/local folder. Instead of installing openssl build results there, install them to a local temp folder instead and the need for sudo goes away.
diff --git a/Build/libHttpClient.Linux/curl_Linux.bash b/Build/libHttpClient.Linux/curl_Linux.bash
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 CONFIGURATION="Release"
 
@@ -31,14 +33,25 @@ else
   echo "No previously-built library present at $SCRIPT_DIR/../../Out/x64/$CONFIGURATION/libcurl.Linux/libcurl.a - performing build"
 fi
 
+OPENSSL_INSTALL_DIR="$SCRIPT_DIR/../../Int/x64/$CONFIGURATION/openssl.Linux/"
+
+CONFIGURE_ARGS=(
+    --disable-shared
+    --with-zlib
+    --disable-dependency-tracking
+    --with-openssl=$OPENSSL_INSTALL_DIR
+    --enable-symbol-hiding
+    --without-brotli
+)
 if [ "$CONFIGURATION" = "Debug" ]; then
-    # make libcrypto and libssl
-    ./configure --disable-shared --with-zlib --disable-dependency-tracking -with-openssl=/usr/local/ssl --enable-symbol-hiding --enable-debug --without-brotli
+    CONFIGURE_ARGS+=(--enable-debug)
 else
-    # make libcrypto and libssl
-    ./configure --disable-shared --with-zlib --disable-dependency-tracking -with-openssl=/usr/local/ssl --enable-symbol-hiding --disable-debug --without-brotli
+    CONFIGURE_ARGS+=(--disable-debug)
 fi
 
+# make libcrypto and libssl
+./configure "${CONFIGURE_ARGS[@]}"
+
 MAKE_PARALLELISM="-j$(nproc)" # run Make in parallel to speed up the build process
 make $MAKE_PARALLELISM
 
diff --git a/Build/libHttpClient.Linux/install_dependencies.bash b/Build/libHttpClient.Linux/install_dependencies.bash
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+set -e
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+POSITIONAL_ARGS=()
+DO_INSTALL=true
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --check)
+      DO_INSTALL=false
+      shift # past value
+      ;;
+    -*|--*)
+      echo "Unknown option $1"
+      exit 1
+      ;;
+    *)
+      POSITIONAL_ARGS+=("$1") # save positional arg
+      shift # past argument
+      ;;
+  esac
+done
+
+set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+
+build_dependencies=(clang make autoconf automake libtool)
+library_dependencies=(zlib1g zlib1g-dev)
+
+if [ "$DO_INSTALL" = false ]; then
+
+  dependencies_missing=false
+  for dep in "${build_dependencies[@]}" "${library_dependencies[@]}"; do
+    if ! dpkg -s "$dep" &> /dev/null; then
+      echo "Missing dependency: $dep"
+      dependencies_missing=true
+    else
+      echo "Dependency installed: $dep"
+    fi
+  done
+
+  if [ "$dependencies_missing" = true ]; then
+    exit 1
+  fi
+
+  echo "All dependencies are installed"
+  exit 0
+fi
+
+echo "Installing dependencies..."
+echo "Build dependencies: ${build_dependencies[*]}"
+echo "Library dependencies: ${library_dependencies[*]}"
+
+sudo hwclock --hctosys
+sudo apt-get update
+sudo apt-get -y install "${build_dependencies[@]}" "${library_dependencies[@]}"
diff --git a/Build/libHttpClient.Linux/libHttpClient_Linux.bash b/Build/libHttpClient.Linux/libHttpClient_Linux.bash
@@ -1,4 +1,7 @@
 #!/bin/bash
+
+set -e
+
 log () {
     echo "***** $1 *****"
 }
@@ -15,6 +18,8 @@ BUILD_STATIC=false
 BUILD_UNREAL_ENGINE_4=false
 C_COMPILER="clang"
 CXX_COMPILER="clang++"
+INSTALL_DEPENDENCIES=false
+REQUIRE_VERIFIED_DEPENDENCIES=true
 
 while [[ $# -gt 0 ]]; do
   case $1 in
@@ -35,8 +40,16 @@ while [[ $# -gt 0 ]]; do
       BUILD_UNREAL_ENGINE_4=true
       shift
       ;;
+    --install-dependencies)
+      INSTALL_DEPENDENCIES=true
+      shift
+      ;;
     -sg|--skipaptget)
-      DO_APTGET=false
+      # NOOP. allow user to specify old --skipaptget args before that became the default
+      shift
+      ;;
+    -sd|--skip-dependency-check)
+      REQUIRE_VERIFIED_DEPENDENCIES=false
       shift
       ;;
     -st|--static)
@@ -56,16 +69,31 @@ done
 
 set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
 
-if [ "$DO_APTGET" != "false" ]; then
-  sudo hwclock --hctosys
-  sudo apt-get update
-  sudo apt-get install clang
-  sudo apt-get install make
-  sudo apt-get install autoconf
-  sudo apt-get install automake
-  sudo apt-get install libtool
-  sudo apt-get install zlib1g zlib1g-dev
+set +e # temporarily disable exit-on-error to provide more graceful handling of dependency installation failures
+if [ "$INSTALL_DEPENDENCIES" = "true" ]; then
+    bash "$SCRIPT_DIR"/install_dependencies.bash
+    if [ $? -ne 0 ]; then
+      echo ""
+      echo "Failed to install dependencies."
+      exit 1
+    fi
+else
+    bash "$SCRIPT_DIR"/install_dependencies.bash --check
+    if [ $? -ne 0 ]; then
+        if [ "$REQUIRE_VERIFIED_DEPENDENCIES" = true ]; then
+            echo ""
+            echo "Some dependencies are missing."
+            echo "Please run with --install-dependencies to install them or run $SCRIPT_DIR/install_dependencies.bash directly"
+            exit 1
+        else
+            echo ""
+            echo "Some dependencies are missing."
+            echo "--skip-dependency-check specified, ignoring and continuing."
+            echo ""
+        fi
+    fi
 fi
+set -e # re-enable exit-on-error after dependency installation check
 
 log "CONFIGURATION  = ${CONFIGURATION}"
 log "BUILD SSL      = ${BUILD_SSL}"
@@ -97,10 +125,10 @@ fi
 MAKE_PARALLELISM="-j$(nproc)" # run Make in parallel to speed up the build process
 if [ "$BUILD_STATIC" = false ]; then
     # make libHttpClient shared
-    sudo cmake -S "$SCRIPT_DIR" -B "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux -D CMAKE_BUILD_TYPE=$CONFIGURATION -D CMAKE_C_COMPILER=$C_COMPILER -D CMAKE_CXX_COMPILER=$CXX_COMPILER -D BUILD_SHARED_LIBS=ON
-    sudo make $MAKE_PARALLELISM -C "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux
+    cmake -S "$SCRIPT_DIR" -B "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux -D CMAKE_BUILD_TYPE=$CONFIGURATION -D CMAKE_C_COMPILER=$C_COMPILER -D CMAKE_CXX_COMPILER=$CXX_COMPILER -D BUILD_SHARED_LIBS=ON
+    make $MAKE_PARALLELISM -C "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux
 else
     # make libHttpClient static
-    sudo cmake -S "$SCRIPT_DIR" -B "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux -D CMAKE_BUILD_TYPE=$CONFIGURATION -D CMAKE_C_COMPILER=$C_COMPILER -D CMAKE_CXX_COMPILER=$CXX_COMPILER -D BUILD_SHARED_LIBS=OFF
-    sudo make $MAKE_PARALLELISM -C "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux
+    cmake -S "$SCRIPT_DIR" -B "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux -D CMAKE_BUILD_TYPE=$CONFIGURATION -D CMAKE_C_COMPILER=$C_COMPILER -D CMAKE_CXX_COMPILER=$CXX_COMPILER -D BUILD_SHARED_LIBS=OFF
+    make $MAKE_PARALLELISM -C "$SCRIPT_DIR"/../../Int/CMake/libHttpClient.Linux
 fi
diff --git a/Build/libHttpClient.Linux/openssl_Linux.bash b/Build/libHttpClient.Linux/openssl_Linux.bash
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 OPENSSL_SRC="$SCRIPT_DIR/../../External/openssl"
 CONFIGURATION="Release"
@@ -22,48 +24,59 @@ while [[ $# -gt 0 ]]; do
   esac
 done
 
-sudo hwclock --hctosys
-sudo rm -rf /usr/local/ssl
-sudo mkdir /usr/local/ssl
-sudo mkdir /usr/local/ssl/lib
-sudo mkdir /usr/local/ssl/include
-sudo mkdir /usr/local/ssl/include/openssl
+if [ -f "$SCRIPT_DIR/../../Out/x64/$CONFIGURATION/libcrypto.Linux/libcrypto.a" ]; then
+  echo "Previously-built library present at $SCRIPT_DIR/../../Out/x64/$CONFIGURATION/libcrypto.Linux/libcrypto.a - skipping build"
+  exit 0
+else
+  echo "No previously-built library present at $SCRIPT_DIR/../../Out/x64/$CONFIGURATION/libcrypto.Linux/libcrypto.a - performing build"
+fi
+
+OPENSSL_INSTALL_DIR="$SCRIPT_DIR/../../Int/x64/$CONFIGURATION/openssl.Linux/"
 
-if [ ! -d /usr/local/ssl ] ; then
-    echo "Directory /usr/local/ssl does not exist"
+rm -rf "$OPENSSL_INSTALL_DIR"
+mkdir -p "$OPENSSL_INSTALL_DIR"
+mkdir -p "$OPENSSL_INSTALL_DIR/lib"
+mkdir -p "$OPENSSL_INSTALL_DIR/include"
+mkdir -p "$OPENSSL_INSTALL_DIR/include/openssl"
+
+if [ ! -d "$OPENSSL_INSTALL_DIR" ] ; then
+    echo "Directory $OPENSSL_INSTALL_DIR does not exist"
     exit 1
 fi
-if [ ! -d /usr/local/ssl/lib ] ; then
-    echo "Directory /usr/local/ssl/lib does not exist"
+if [ ! -d "$OPENSSL_INSTALL_DIR/lib" ] ; then
+    echo "Directory $OPENSSL_INSTALL_DIR/lib does not exist"
     exit 1
 fi
-if [ ! -d /usr/local/ssl/include/openssl ] ; then
-    echo "Directory /usr/local/ssl/include/openssl does not exist"
+if [ ! -d "$OPENSSL_INSTALL_DIR/include/openssl" ] ; then
+    echo "Directory $OPENSSL_INSTALL_DIR/include/openssl does not exist"
     exit 1
 fi
 
-if [ -f "$SCRIPT_DIR/../../Out/x64/$CONFIGURATION/libcrypto.Linux/libcrypto.a" ]; then
-  echo "Previously-built library present at $SCRIPT_DIR/../../Out/x64/$CONFIGURATION/libcrypto.Linux/libcrypto.a - skipping build"
-  exit 0
-else
-  echo "No previously-built library present at $SCRIPT_DIR/../../Out/x64/$CONFIGURATION/libcrypto.Linux/libcrypto.a - performing build"
-fi
-
 pushd $OPENSSL_SRC
-make clean
+if [ -f Makefile ]; then
+    echo "Cleaning previous OpenSSL build"
+    make clean
+fi
 sed -i -e 's/\r$//' Configure
 
+CONFIGURE_ARGS=(
+  --prefix=$OPENSSL_INSTALL_DIR
+  --openssldir=$OPENSSL_INSTALL_DIR
+  linux-x86_64-clang
+  no-shared
+  no-hw
+  no-tests
+  )
 if [ "$CONFIGURATION" = "Debug" ]; then
-    # make libcrypto and libssl
-    ./Configure --prefix=/usr/local/ssl --openssldir=/usr/local/ssl linux-x86_64-clang no-shared no-hw no-tests -d
-else
-    # make libcrypto and libssl
-    ./Configure --prefix=/usr/local/ssl --openssldir=/usr/local/ssl linux-x86_64-clang no-shared no-hw no-tests
+    CONFIGURE_ARGS+=(-d)
 fi
 
+# make libcrypto and libssl
+./Configure "${CONFIGURE_ARGS[@]}"
+
 MAKE_PARALLELISM="-j$(nproc)" # run Make in parallel to speed up the build process
 make $MAKE_PARALLELISM CFLAGS="-fvisibility=hidden" CXXFLAGS="-fvisibility=hidden"
-sudo make install
+make install
 # copies binaries to final directory
 mkdir -p "$SCRIPT_DIR"/../../Out/x64/"$CONFIGURATION"/libcrypto.Linux
 cp -R "$PWD"/libcrypto.a "$SCRIPT_DIR"/../../Out/x64/"$CONFIGURATION"/libcrypto.Linux
diff --git a/Utilities/Pipelines/Tasks/linux-build.yml b/Utilities/Pipelines/Tasks/linux-build.yml
@@ -5,6 +5,11 @@ parameters:
 steps:
   - template: checkout.yml
 
+  - task: Bash@3
+    displayName: 'Ensure libHttpClient dependencies installed'
+    inputs:
+      filePath: './Build/libHttpClient.Linux/install_dependencies.bash'
+
   - task: Bash@3
     displayName: 'Build and install OpenSSL'
     inputs:
