Factor out curl (#4)

fortuna · web-flow · commit 933d4dc9fd0a · 2026-01-16T14:42:16.000-06:00
diff --git a/curl/README.md b/curl/README.md
@@ -0,0 +1,56 @@
+# ECH-enabled `curl`
+
+This is a custom build of `curl` with ECH support from the [DEfO project](https://github.com/defo-project). It is useful for manually testing ECH functionality against specific web servers.
+
+## Prerequisites (for building on macOS)
+
+* Homebrew
+* `automake`
+* `libtool`
+* `pkg-config`
+* `libpsl`
+
+## Building
+
+A helper script, `build-curl.sh`, is provided to automate the build process for `curl` and its dependency, `openssl`.
+
+To build the ECH-enabled `curl`, run the script from the `greasereport` directory and provide an output path:
+
+```sh
+./curl/build-curl.sh <output_directory>
+```
+
+For example, to build `curl` and place the output in the `workspace` directory:
+
+```sh
+./curl/build-curl.sh ./workspace
+```
+
+The script will download the source code for `openssl` and `curl`, build them, and install the final binaries in the specified output directory.
+
+For more details on how to use `curl` with ECH, see the [official documentation](https://github.com/defo-project/curl/blob/master/docs/ECH.md).
+
+## Verifying the build
+
+To test that your custom `curl` build is working correctly, run it against the DEfO test server:
+
+```sh
+./workspace/output/bin/curl" --ech=true --doh-url https://1.1.1.1/dns-query 'https://test.defo.ie/echstat.php?format=json' | jq
+```
+
+Example output:
+```json
+{
+  "SSL_ECH_OUTER_SNI": "public.test.defo.ie",
+  "SSL_ECH_INNER_SNI": "test.defo.ie",
+  "SSL_ECH_STATUS": "success",
+  "date": "2025-11-06T19:36:47+00:00",
+  "config": "min-ng.test.defo.ie"
+}
+```
+
+You may need to specify the `LD_LIBRARY_PATH` on Linux:
+
+```sh
+LD_LIBRARY_PATH="$(pwd)/workspace/lib" ./workspace/bin/curl --version
+```
diff --git a/curl/build-curl.sh b/curl/build-curl.sh
@@ -16,29 +16,30 @@
 
 set -e
 
-if [ -z "$1" ]; then
+if [[ -z "$1" ]]; then
   echo "Usage: $0 <output_dir>"
   exit 1
 fi
 
 OUTPUT_DIR=$(realpath "$1")
-WORKSPACE_DIR=$(mktemp -d)
+mkdir -p "${OUTPUT_DIR}/tmp"
+TEMP_DIR=$(mktemp -d -p "${OUTPUT_DIR}/tmp")
 
-echo "Using workspace directory: ${WORKSPACE_DIR}"
+echo "Using workspace directory: ${TEMP_DIR}"
 echo "Using output directory: ${OUTPUT_DIR}"
 
 echo "Cloning OpenSSL..."
-git clone --filter=blob:none https://github.com/defo-project/openssl "${WORKSPACE_DIR}/openssl"
-cd "${WORKSPACE_DIR}/openssl"
+git clone --filter=blob:none https://github.com/defo-project/openssl "${TEMP_DIR}/openssl"
+cd "${TEMP_DIR}/openssl"
 
 echo "Configuring and building OpenSSL..."
 ./config --libdir=lib --prefix="${OUTPUT_DIR}"
-make -j$(nproc)
+make "-j$(nproc)"
 make install_sw
 
 echo "Cloning curl..."
-git clone --filter=blob:none https://github.com/defo-project/curl "${WORKSPACE_DIR}/curl"
-cd "${WORKSPACE_DIR}/curl"
+git clone --filter=blob:none https://github.com/defo-project/curl "${TEMP_DIR}/curl"
+cd "${TEMP_DIR}/curl"
 
 echo "Configuring and building curl..."
 autoreconf -fi
@@ -47,6 +48,6 @@ make
 make install
 
 echo "Cleaning up workspace..."
-rm -rf "${WORKSPACE_DIR}"
+rm -rf "${TEMP_DIR}"
 
 echo "Done. curl with ECH support is installed in ${OUTPUT_DIR}/bin"
diff --git a/greasereport/README.md b/greasereport/README.md
@@ -1,7 +1,13 @@
-## `greasereport`
+# ECH GREASE Report Generation
 
 This tool, located in the `greasereport/` directory, issues HEAD requests to a list of domains with and without ECH GREASE to test for compatibility. It uses a custom-built ECH-enabled `curl` binary for these requests.
 
+## Requirements
+
+You need to build the ECH-enabled `curl` and place it in the workspace directory. See [instructions](../curl/README.md).
+
+## Running
+
 To run the tool, use the `go run` command from the `ech-test` directory:
 
 ```sh
@@ -41,60 +47,7 @@ The tool generates a CSV file (`workspace/grease-results-top<N>.csv`) with the f
 * `total_time_ms`: The total duration of the request.
 * `http_status`: The HTTP status code of the response.
 
----
-
-## ECH-enabled `curl`
-
-This is a custom build of `curl` with ECH support from the [DEfO project](https://github.com/defo-project). It is useful for manually testing ECH functionality against specific web servers.
-
-### Prerequisites (for building on macOS)
-
-* Homebrew
-* `automake`
-* `libtool`
-* `pkg-config`
-* `libpsl`
-
-### Building
-
-A helper script, `build-curl.sh`, is provided to automate the build process for `curl` and its dependency, `openssl`.
-
-To build the ECH-enabled `curl`, run the script from the `greasereport` directory and provide an output path:
-
-```sh
-./build-curl.sh <output_directory>
-```
-
-For example, to build `curl` and place the output in the `workspace` directory:
-
-```sh
-./build-curl.sh ../workspace
-```
-
-The script will download the source code for `openssl` and `curl`, build them, and install the final binaries in the specified output directory.
-
-For more details on how to use `curl` with ECH, see the [official documentation](https://github.com/defo-project/curl/blob/master/docs/ECH.md).
-
-### Verifying the build
-
-To test that your custom `curl` build is working correctly, run it against the DEfO test server:
-
-```sh
-"$(pwd)/workspace/output/bin/curl" --ech=true --doh-url https://1.1.1.1/dns-query 'https://test.defo.ie/echstat.php?format=json' | jq
-```
-
-Example output:
-```json
-{
-  "SSL_ECH_OUTER_SNI": "public.test.defo.ie",
-  "SSL_ECH_INNER_SNI": "test.defo.ie",
-  "SSL_ECH_STATUS": "success",
-  "date": "2025-11-06T19:36:47+00:00",
-  "config": "min-ng.test.defo.ie"
-}
-```
-
-### Report
+## Report
 
 After running the `greasereport` tool, a `report` subdirectory is created within the `greasereport` directory. This directory contains:
 
