From 22e2d8833d56bed1e54d2d74e539a3e31ad24e58 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Sun, 15 Sep 2024 19:22:02 +0200
Subject: [PATCH] Install nettle and mbedTLS

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 .github/workflows/codeql.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ce224dd7ee..360bcf64b1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -10,6 +10,9 @@
 # supported CodeQL languages.
 #
 name: "CodeQL Advanced"
+env:
+  nettleversion: 3.9.1
+  mbedtlsversion: 3.6.1
 
 on:
   push:
@@ -57,6 +60,24 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v4
 
+    - name: Install nettle
+      run: |
+        curl -sSL https://ftl.pi-hole.net/libraries/nettle-${nettleversion}.tar.gz | tar -xz
+        cd nettle-${nettleversion}
+        ./configure --enable-static --disable-shared --disable-openssl --disable-mini-gmp -disable-gcov --disable-documentation
+        make -j $(nproc) install
+
+    - name: Install mbedTLS
+    # Build static mbedTLS with pthread support
+    # Disable AESNI on linux/386 asit would possibly result in an incompatible
+    # binary in processors lacking the AESNI and SSE2 instruction sets
+      run: |
+        curl -sSL https://ftl.pi-hole.net/libraries/mbedtls-${mbedtlsversion}.tar.bz2 | tar -xj
+        cd mbedtls-${mbedtlsversion}
+        sed -i '/#define MBEDTLS_THREADING_C/s*^//**g' include/mbedtls/mbedtls_config.h
+        sed -i '/#define MBEDTLS_THREADING_PTHREAD/s*^//**g' include/mbedtls/mbedtls_config.h
+        make -j $(nproc) install
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3