You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: llama.cpp.patches/README.md
+23-1Lines changed: 23 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -86,7 +86,29 @@ Cosmopolitan libc has specific behaviors with condition variables and signals th
86
86
|`common_log.cpp.patch`| Adds `#include <csignal>`; blocks `SIGINT`/`SIGTERM` on logger thread via `pthread_sigmask` to prevent `EINTR` exceptions; replaces `cv.wait()` with `wait_for(30s)` loop to work around XNU futex timeout bug (~72 minute expiry) |
87
87
|`tools_server_server-models.cpp.patch`| Adds `#include <csignal>`; blocks signals on the stopping thread via `pthread_sigmask`; replaces untimed `cv.wait()` with `wait_for(30s)` loops on every model-lifecycle wait (`unload_lru`, the reload-drain wait, `stopping_thread`, the `is_reloading` guard in `load`, and the generic `wait()` predicate helper) to work around the XNU futex timeout bug |
88
88
|`tools_server_server-queue.cpp.patch`| Adds missing includes (`<cerrno>`, `<system_error>`, `<csignal>`); blocks `SIGINT`/`SIGTERM` on queue thread; replaces `wait()` with `wait_for()` loops in three locations (`wait_until_no_sleep`, main loop, `recv`) |
89
-
|`vendor_cpp-httplib_httplib.cpp.patch`| Fixes httplib thread pool with `wait_for()` instead of `wait()` for XNU futex compatibility |
89
+
|`vendor_cpp-httplib_httplib.cpp.patch`| Fixes httplib thread pool with `wait_for()` instead of `wait()` for XNU futex compatibility; also see HTTPS / TLS Support below |
90
+
91
+
### HTTPS / TLS Support
92
+
93
+
Upstream llama.cpp gets TLS from cpp-httplib's OpenSSL backend
94
+
(`CPPHTTPLIB_OPENSSL_SUPPORT`, satisfied by system OpenSSL or vendored
95
+
BoringSSL/LibreSSL at cmake time). None of those is available in the
96
+
cosmocc make build, so llamafile instead enables cpp-httplib's **Mbed TLS
97
+
backend** (`CPPHTTPLIB_MBEDTLS_SUPPORT`) against the mbedtls fork already
98
+
vendored in `third_party/mbedtls` — the same TLS stack llamafile <= 0.9.3
99
+
used. `third_party/mbedtls/include/` maps the canonical `<mbedtls/*.h>`
100
+
include paths onto the fork's headers, and `BUILD.mk` sets the macro on
101
+
every object that can reach `httplib.h` (the macro changes httplib class
102
+
layouts, so all TUs must agree) and links `mbedtls.a` into `llama-server`.
103
+
This enables HTTPS model downloads (`-hf`, `--model-url`), https clients
104
+
in server-models, and TLS serving via `--ssl-cert-file`/`--ssl-key-file`.
105
+
106
+
| Patch | Description |
107
+
|-------|-------------|
108
+
|`common_http.h.patch`|`#ifndef CPPHTTPLIB_OPENSSL_SUPPORT` -> `#ifndef CPPHTTPLIB_SSL_ENABLED` for the "HTTPS is not supported" guard, so any cpp-httplib TLS backend counts (candidate for upstreaming) |
109
+
|`tools_server_server-http.cpp.patch`| Same macro fix for the `httplib::SSLServer` (`--ssl-cert-file`/`--ssl-key-file`) guard (candidate for upstreaming) |
110
+
|`tools_server_server-models.cpp.patch`| Same macro fix for the direct `httplib::SSLClient` construction in `server_http_proxy` (candidate for upstreaming) |
111
+
|`vendor_cpp-httplib_httplib.cpp.patch`| Under `__COSMOPOLITAN__`: appends `/zip/third_party/mbedtls/sslroot` to `system_ca_dirs()` as the trust-store fallback (essential on Windows hosts, where the `_WIN32` cert-store branches are not compiled into an APE), and `__static_yoink("ssl_root_support")` so the Mozilla root PEMs bundled by `third_party/mbedtls/BUILD.mk` are pulled into the executable's zip |
0 commit comments