- Add AppImageBuilder/package-citron-linux.sh: full AppImage packaging
script with debloating (strips Qt Multimedia shared FFmpeg ~100 MB),
and produces a tar.zst portable archive alongside the AppImage.
- Add AppImageBuilder/quick-sharun.sh: sharun-based launcher helper.
- Add dist/org.citron_emu.citron.png: application icon for AppImage.
build-citron-linux.sh:
- Add CITRON_USE_QT_MULTIMEDIA=OFF and QT_NO_PRIVATE_MODULE_WARNING=ON
to common cmake args, preventing Qt Multimedia's shared FFmpeg from
being linked at all.
- Guard -mtls-dialect=gnu2 behind an x86_64 check so aarch64 builds
no longer pass an unsupported flag.
- Expand system dependency setup across all package managers (apt,
pacman, dnf, yum, zypper, emerge) to include: libudev, libGL/OpenGL
headers (required by aqt Qt6 cmake even for Vulkan-only builds),
VAAPI/VDPAU hw-accel libs, and X11/XCB libs required by SDL2 and Qt.
CMakeModules/qt_download.cmake:
- Add aarch64 Linux aqt target (linux_arm64 / linux_gcc_arm64) so
Qt is downloaded for the correct host arch on arm64 builders.
- Remove qtmultimedia from aqt --modules download; it is permanently
dead code under Qt6 and was causing recurring CI install warnings.
CMakeLists.txt:
- Make Qt6 Multimedia an optional find_package component, only included
when CITRON_USE_QT_MULTIMEDIA is ON, so the cmake flag is functional.
externals/libusb/CMakeLists.txt:
- Resolve LIBUSB_SRC_DIR via CPM cache variables (LIBUSB_CPM_SOURCE_DIR
or libusb_src_SOURCE_DIR) before falling back to the submodule path,
fixing CPM-sourced libusb builds on Linux.
drop orphaned ENABLE_OPENAL option
Remove the last remnant of the OpenAL backend: the now-unused
option(ENABLE_OPENAL ...) in the root CMakeLists.txt. The sink
implementation, build wiring, CPMAddPackage fetch, vcpkg manifest
entry, settings enum variant, and sink registration were removed in
prior commits
Android: ENABLE_OPENSSL defaulted OFF, leaving OpenSSL::Crypto
unresolved at CMake link time for core and web_service, which link it
unconditionally. vcpkg now provides real OpenSSL for the android
platform (removed !android from the vcpkg.json platform expression).
ENABLE_OPENSSL now defaults ON on Android, triggering the existing
find_package path. aes_util.cpp's non-x86_64 EVP fallback paths (ECB,
CTR, XTS) are fully functional via OpenSSL's ARMv8 Crypto Extension
backend on arm64-v8a.
macOS Apple Silicon: openssl_build.cmake unconditionally required NASM,
which is only used for OpenSSL's x86_64 assembly targets. ARM64 targets
(darwin64-arm64-cc) use OpenSSL's own Perl-generated ARM assembly and
have no NASM dependency. The unconditional NASM FATAL_ERROR blocked all
native Apple Silicon builds. The check is now gated on x86_64/mingw64
targets only.
Changes:
- CMakeLists.txt: remove ANDROID from DEFAULT_ENABLE_OPENSSL=OFF condition
- CMakeModules/openssl_build.cmake: gate NASM find/FATAL_ERROR on x86_64
- vcpkg.json: remove !android exclusion from openssl platform expression (x2)
- src/android/app/build.gradle.kts: -DENABLE_OPENSSL=0 → 1
- Add download_with_retry() helper with exponential back-off (5s→10s→20s)
replacing bare wget calls throughout the script
- Convert three silent return-0 failure paths in rebuild_ffmpeg_pthread_free
(download failure, extraction failure, zero libs installed) to hard errors;
previously these allowed cmake to be invoked with a -DCITRON_FFMPEG_STATIC_DIR
pointing to a directory that was never created, producing a fatal but
misleading CMake error about a missing RELEASE file
- Gate -DCITRON_FFMPEG_STATIC_DIR in build_common_cmake_args on the
.llvm_static_built sentinel rather than FFMPEG_VERSION being set
- Add .ffmpeg_src_ready sentinel written after clean extraction; Priority 1
source cache reuse now requires this sentinel so partial extractions are
detected and wiped rather than silently reused
- Verify tarball integrity with tar -tjf before extraction
- Tighten MSYS2 path filter in CopyMinGWDeps.cmake from ([/\])msys64([/\])
to require a known system subdirectory (usr|clang64|ucrt64|mingw64|mingw32)
after msys64; previously the broad match silently excluded all Qt DLLs when
CPM_SOURCE_CACHE resided under the default MSYS2 home directory
- Replace sequential git ls-remote loop (up to 11 round-trips) for BOLT tag
discovery with a single call filtered by sort -V
- Replace grep -oP lookbehind patterns for stage sentinel reads with awk -F=
for portability across MSYS2 grep variants
Replace mbedtls entirely with OpenSSL as the single crypto dependency.
All AES-128/256 operations now dispatch through aes_ni.h at runtime:
VAES-512 → VAES-256 → SSE4 → OpenSSL EVP fallback, selected by CPUID
at first call with no global ISA flags required.
The OpenSSL fallback path in Ctr128 fires only on hardware without
AES-NI; on any x86-64 built after 2011 the intrinsic paths are taken
exclusively. All paths produce byte-identical output, verified against
NIST SP 800-38A (CTR) and SP 800-38B (CMAC) test vectors.
Changes:
- aes_ni.h: new four-tier CTR dispatch with CPUID detection via <cpuid.h>;
VAES-512/256 paths for Zen 4 / Sapphire Rapids (~19 GB/s) and
Zen 3+ / Tiger Lake+ (~15 GB/s)
- aes_util.cpp: CipherContext stores raw_key[16] for the OpenSSL fallback
- key_manager.cpp: CMAC → intrinsics, SHA-256 → EVP_Digest, bignum → BN_*
- amiibo_crypto.cpp/h: AES-CTR → intrinsics, HMAC → EVP_MAC
- xts_archive.cpp, registered_cache.cpp, nca.cpp, ro.cpp,
delivery_cache_directory_service.cpp: SHA-256/MD5 → EVP_Digest
- citron_room.cpp: base64 → EVP_EncodeBlock/EVP_DecodeBlock
- verify_user_jwt.cpp: RS256 verification → EVP_DigestVerify*
- web_service CMakeLists: drop cpp-jwt, link OpenSSL::Crypto
- dependencies.cmake: remove mbedtls and cpp-jwt CPM blocks
- externals CMakeLists: remove add_subdirectory(mbedtls)
- openssl_build.cmake: require NASM; remove no-asm
OpenSSL compiles correctly from source for Windows /Linux native and Linux to Windows cross compiling scenarios
Added -mtls-dialect=gnu2 to linux compile flags
Added commented out -march=native for easy self-compile use.
Fixed linux binary lib path resolution, so running the binaries works without AppImage packaging.