From c4127de63ca38ca6bdcfb8b75c84589ab887893f Mon Sep 17 00:00:00 2001 From: Cristian Bercaru Date: Mon, 14 May 2018 15:09:15 +0200 Subject: openssl-qoriq: add version 1.1.0h --- openssl-1.1.0h.patch | 409 +++++++++++++++++++++ .../openssl/openssl-qoriq/perlpath.pl | 35 ++ .../openssl/openssl-qoriq/run-ptest.new | 4 + .../openssl/openssl-qoriq_1.1.0h.bb | 79 ++++ .../openssl/openssl-qoriq_1.1.0h.inc | 267 ++++++++++++++ 5 files changed, 794 insertions(+) create mode 100644 openssl-1.1.0h.patch create mode 100755 recipes-connectivity/openssl/openssl-qoriq/perlpath.pl create mode 100644 recipes-connectivity/openssl/openssl-qoriq/run-ptest.new create mode 100644 recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb create mode 100644 recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc diff --git a/openssl-1.1.0h.patch b/openssl-1.1.0h.patch new file mode 100644 index 00000000..0cb5a1a8 --- /dev/null +++ b/openssl-1.1.0h.patch @@ -0,0 +1,409 @@ +diff --git a/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl +new file mode 100755 +index 0000000..79d4a40 +--- /dev/null ++++ b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl +@@ -0,0 +1,35 @@ ++#!/media/data/fb/daaz/p2040/tmp/work/ppce500mc-qoriq-poky-linux/openssl-qoriq/1.0.2l-r0/recipe-sysroot-native/usr/bin/perl ++# ++# modify the '#!/usr/local/bin/perl' ++# line in all scripts that rely on perl. ++# ++ ++require "find.pl"; ++ ++$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n"; ++&find("."); ++ ++sub wanted ++ { ++ return unless /\.pl$/ || /^[Cc]onfigur/; ++ ++ open(IN,"<$_") || die "unable to open $dir/$_:$!\n"; ++ @a=; ++ close(IN); ++ ++ if (-d $ARGV[0]) { ++ $a[0]="#!$ARGV[0]/perl\n"; ++ } ++ else { ++ $a[0]="#!$ARGV[0]\n"; ++ } ++ ++ # Playing it safe... ++ $new="$_.new"; ++ open(OUT,">$new") || die "unable to open $dir/$new:$!\n"; ++ print OUT @a; ++ close(OUT); ++ ++ rename($new,$_) || die "unable to rename $dir/$new:$!\n"; ++ chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n"; ++ } +diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new +new file mode 100644 +index 0000000..65c6cc7 +--- /dev/null ++++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new +@@ -0,0 +1,4 @@ ++#!/bin/sh ++cd test ++OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl ++cd .. +diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb +new file mode 100644 +index 0000000..53a2181 +--- /dev/null ++++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb +@@ -0,0 +1,79 @@ ++require openssl-qoriq_1.1.0h.inc ++ ++DISABLE_STATIC = "" ++# For target side versions of openssl enable support for OCF Linux driver ++# if they are available. ++DEPENDS += "cryptodev-linux" ++ ++CFLAGS += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" ++ ++LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" ++ ++SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24" ++ ++export DIRS = "crypto ssl apps engines" ++export OE_LDFLAGS="${LDFLAGS}" ++ ++SRC_URI = " \ ++ https://www.openssl.org/source/openssl-1.1.0h.tar.gz \ ++ file://openssl-c_rehash.sh \ ++ file://run-ptest \ ++ file://perlpath.pl \ ++ file://find.pl \ ++ file://debian/pic.patch \ ++ file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ ++ file://openssl-1.0.2a-x32-asm.patch \ ++ " ++# file://0001-Fix-build-with-clang-using-external-assembler.patch \ ++# file://Use-SHA256-not-MD5-as-default-digest.patch \ ++# file://openssl-util-perlpath.pl-cwd.patch \ ++# file://parallel.patch \ ++# file://configure-musl-target.patch \ ++# file://ptest_makefile_deps.patch \ ++# file://ptest-deps.patch \ ++# file://Makefiles-ptest.patch \ ++# file://openssl-fix-des.pod-error.patch \ ++# file://openssl_fix_for_x32.patch \ ++# file://debian1.0.2/soname.patch \ ++# file://debian1.0.2/version-script.patch \ ++# file://debian/no-symbolic.patch \ ++# file://debian/no-rpath.patch \ ++# file://debian/man-dir.patch \ ++# file://debian/man-section.patch \ ++# file://debian/debian-targets.patch \ ++# file://debian/c_rehash-compat.patch \ ++# file://debian/ca.patch \ ++# file://debian1.0.2/block_digicert_malaysia.patch \ ++# file://debian1.0.2/block_diginotar.patch \ ++# file://engines-install-in-libdir-ssl.patch \ ++# file://oe-ldflags.patch \ ++# file://shared-libs.patch \ ++# file://configure-targets.patch ++# ++ ++S = "${WORKDIR}/openssl-1.1.0h/" ++ ++PACKAGES =+ "${PN}-engines" ++ ++FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines ${libdir}/engines-1.1/*.so" ++ ++# The crypto_use_bigint patch means that perl's bignum module needs to be ++# installed, but some distributions (for example Fedora 23) don't ship it by ++# default. As the resulting error is very misleading check for bignum before ++# building. ++do_configure_prepend() { ++ mkdir -p ${S}/util/ ++ cp ${WORKDIR}/perlpath.pl ${S}/util/ ++ cp ${WORKDIR}/find.pl ${S}/util/ ++ if ! perl -Mbigint -e true; then ++ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." ++ fi ++} ++ ++do_compile_ptest_base() { ++ echo ++} ++ ++TARGET_CC_ARCH += "${LDFLAGS}" ++ ++COMPATIBLE_MACHINE = "(qoriq)" +diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc +new file mode 100644 +index 0000000..f58774f +--- /dev/null ++++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc +@@ -0,0 +1,267 @@ ++SUMMARY = "Secure Socket Layer" ++DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." ++HOMEPAGE = "http://www.openssl.org/" ++BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" ++SECTION = "libs/network" ++ ++# "openssl | SSLeay" dual license ++LICENSE = "openssl" ++LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" ++ ++DEPENDS = "makedepend-native hostperl-runtime-native" ++DEPENDS_append_class-target = " openssl-native" ++ ++PROVIDES = "openssl" ++ ++python() { ++ pkgs = d.getVar('PACKAGES', True).split() ++ for p in pkgs: ++ if 'openssl-qoriq' in p: ++ d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl')) ++ d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl')) ++ d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl')) ++} ++ ++SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/openssl;nobranch=1" ++ ++S = "${WORKDIR}/git" ++ ++PACKAGECONFIG[perl] = ",,," ++ ++TERMIO_libc-musl = "-DTERMIOS" ++TERMIO ?= "-DTERMIO" ++# Avoid binaries being marked as requiring an executable stack since it ++# doesn't(which causes and this causes issues with SELinux ++CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ ++ ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack" ++ ++export DIRS = "crypto ssl apps" ++export EX_LIBS = "-lgcc -ldl" ++export AS = "${CC} -c" ++ ++inherit pkgconfig siteinfo multilib_header ptest relative_symlinks ++ ++PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf" ++FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" ++FILES_libssl = "${libdir}/libssl${SOLIBS}" ++FILES_${PN} =+ " ${libdir}/ssl/*" ++FILES_${PN}-misc = "${libdir}/ssl/misc" ++RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ++ ++PROVIDES += "openssl10" ++ ++# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto ++# package RRECOMMENDS on this package. This will enable the configuration ++# file to be installed for both the base openssl package and the libcrypto ++# package since the base openssl package depends on the libcrypto package. ++FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf" ++CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf" ++RRECOMMENDS_libcrypto += "${PN}-conf" ++RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" ++ ++# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE ++# vulnerability ++EXTRA_OECONF = " -no-ssl3" ++ ++do_configure_prepend_darwin () { ++ sed -i -e '/version-script=openssl\.ld/d' Configure ++} ++ ++do_configure () { ++ cd util ++ perl perlpath.pl ${STAGING_BINDIR_NATIVE} ++ cd .. ++ ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ ++ ++ os=${HOST_OS} ++ case $os in ++ linux-uclibc |\ ++ linux-uclibceabi |\ ++ linux-gnueabi |\ ++ linux-uclibcspe |\ ++ linux-gnuspe |\ ++ linux-musl*) ++ os=linux ++ ;; ++ *) ++ ;; ++ esac ++ target="$os-${HOST_ARCH}" ++ case $target in ++ linux-arm) ++ target=linux-armv4 ++ ;; ++ linux-armeb) ++ target=linux-elf-armeb ++ ;; ++ linux-aarch64*) ++ target=linux-aarch64 ++ ;; ++ linux-sh3) ++ target=debian-sh3 ++ ;; ++ linux-sh4) ++ target=debian-sh4 ++ ;; ++ linux-i486) ++ target=debian-i386-i486 ++ ;; ++ linux-i586 | linux-viac3) ++ target=debian-i386-i586 ++ ;; ++ linux-i686) ++ target=debian-i386-i686/cmov ++ ;; ++ linux-gnux32-x86_64) ++ target=linux-x32 ++ ;; ++ linux-gnu64-x86_64) ++ target=linux-x86_64 ++ ;; ++ linux-gnun32-mips*el) ++ target=debian-mipsn32el ++ ;; ++ linux-gnun32-mips*) ++ target=debian-mipsn32 ++ ;; ++ linux-mips*64*el) ++ target=debian-mips64el ++ ;; ++ linux-mips*64*) ++ target=debian-mips64 ++ ;; ++ linux-mips*el) ++ target=debian-mipsel ++ ;; ++ linux-mips*) ++ target=debian-mips ++ ;; ++ linux-microblaze*|linux-nios2*) ++ target=linux-generic32 ++ ;; ++ linux-powerpc) ++ target=linux-ppc ++ ;; ++ linux-powerpc64) ++ target=linux-ppc64 ++ ;; ++ linux-supersparc) ++ target=linux-sparcv8 ++ ;; ++ linux-sparc) ++ target=linux-sparcv8 ++ ;; ++ darwin-i386) ++ target=darwin-i386-cc ++ ;; ++ esac ++ # inject machine-specific flags ++ sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure ++ useprefix=${prefix} ++ if [ "x$useprefix" = "x" ]; then ++ useprefix=/ ++ fi ++ perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target ++} ++ ++do_compile_prepend_class-target () { ++ sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile ++} ++ ++do_compile () { ++ oe_runmake depend ++ oe_runmake ++} ++ ++do_compile_ptest () { ++ # build dependencies for test directory too ++ rm -rf test/ssltest_old ++ rm -rf test/x509aux ++ rm -rf test/v3ext ++ export DIRS="$DIRS test" ++ oe_runmake depend ++ oe_runmake buildtest ++} ++ ++do_install () { ++ # Create ${D}/${prefix} to fix parallel issues ++ mkdir -p ${D}/${prefix}/ ++ ++ oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" DESTDIR="${D}" install ++ ++ oe_libinstall -so libcrypto ${D}${libdir} ++ oe_libinstall -so libssl ${D}${libdir} ++ oe_libinstall -so capi ${D}${libdir} ++ oe_libinstall -so padlock ${D}${libdir} ++ ++ install -d ${D}${includedir} ++ cp --dereference -R include/openssl ${D}${includedir} ++ ++ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash ++ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash ++ ++ oe_multilib_header openssl/opensslconf.h ++ if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then ++ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl ++ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget ++ else ++ rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget ++ fi ++ ++ # Create SSL structure ++ install -d ${D}${sysconfdir}/ssl/ ++ mv ${D}${libdir}/ssl/openssl.cnf \ ++ ${D}${libdir}/ssl/certs \ ++ ${D}${libdir}/ssl/private \ ++ \ ++ ${D}${sysconfdir}/ssl/ ++ ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs ++ ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private ++ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf ++} ++ ++do_install_ptest () { ++ # cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} ++ cp -r -L Makefile test ${D}${PTEST_PATH} ++ ++ # Replace the path to native perl with the path to target perl ++ sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile ++ ++ cp Configure config e_os.h ${D}${PTEST_PATH} ++ cp -r -L include ${D}${PTEST_PATH} ++ ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH} ++ ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} ++ mkdir -p ${D}${PTEST_PATH}/crypto ++ cp include/internal/constant_time_locl.h ${D}${PTEST_PATH}/crypto ++ cp -r demos/certs ${D}${PTEST_PATH} ++ mkdir -p ${D}${PTEST_PATH}/apps ++ ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps ++ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps ++ ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps ++ cp apps/server.pem ${D}${PTEST_PATH}/apps ++ cp apps/server2.pem ${D}${PTEST_PATH}/apps ++ mkdir -p ${D}${PTEST_PATH}/util ++ install util/opensslwrap.sh ${D}${PTEST_PATH}/util ++ install util/shlib_wrap.sh ${D}${PTEST_PATH}/util ++ # Time stamps are relevant for "make alltests", otherwise ++ # make may try to recompile binaries. Not only must the ++ # binary files be newer than the sources, they also must ++ # be more recent than the header files in /usr/include. ++ # ++ # Using "cp -a" is not sufficient, because do_install ++ # does not preserve the original time stamps. ++ # ++ # So instead of using the original file stamps, we set ++ # the current time for all files. Binaries will get ++ # modified again later when stripping them, but that's okay. ++ touch ${D}${PTEST_PATH} ++ find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} ++} ++ ++do_install_append_class-native() { ++ create_wrapper ${D}${bindir}/openssl \ ++ OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ ++ SSL_CERT_DIR=${libdir}/ssl/certs \ ++ SSL_CERT_FILE=${libdir}/ssl/cert.pem \ ++ OPENSSL_ENGINES=${libdir}/ssl/engines ++} diff --git a/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl new file mode 100755 index 00000000..79d4a406 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl @@ -0,0 +1,35 @@ +#!/media/data/fb/daaz/p2040/tmp/work/ppce500mc-qoriq-poky-linux/openssl-qoriq/1.0.2l-r0/recipe-sysroot-native/usr/bin/perl +# +# modify the '#!/usr/local/bin/perl' +# line in all scripts that rely on perl. +# + +require "find.pl"; + +$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n"; +&find("."); + +sub wanted + { + return unless /\.pl$/ || /^[Cc]onfigur/; + + open(IN,"<$_") || die "unable to open $dir/$_:$!\n"; + @a=; + close(IN); + + if (-d $ARGV[0]) { + $a[0]="#!$ARGV[0]/perl\n"; + } + else { + $a[0]="#!$ARGV[0]\n"; + } + + # Playing it safe... + $new="$_.new"; + open(OUT,">$new") || die "unable to open $dir/$new:$!\n"; + print OUT @a; + close(OUT); + + rename($new,$_) || die "unable to rename $dir/$new:$!\n"; + chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n"; + } diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new new file mode 100644 index 00000000..65c6cc7b --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new @@ -0,0 +1,4 @@ +#!/bin/sh +cd test +OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl +cd .. diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb new file mode 100644 index 00000000..53a21814 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb @@ -0,0 +1,79 @@ +require openssl-qoriq_1.1.0h.inc + +DISABLE_STATIC = "" +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAGS += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff" + +SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI = " \ + https://www.openssl.org/source/openssl-1.1.0h.tar.gz \ + file://openssl-c_rehash.sh \ + file://run-ptest \ + file://perlpath.pl \ + file://find.pl \ + file://debian/pic.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + " +# file://0001-Fix-build-with-clang-using-external-assembler.patch \ +# file://Use-SHA256-not-MD5-as-default-digest.patch \ +# file://openssl-util-perlpath.pl-cwd.patch \ +# file://parallel.patch \ +# file://configure-musl-target.patch \ +# file://ptest_makefile_deps.patch \ +# file://ptest-deps.patch \ +# file://Makefiles-ptest.patch \ +# file://openssl-fix-des.pod-error.patch \ +# file://openssl_fix_for_x32.patch \ +# file://debian1.0.2/soname.patch \ +# file://debian1.0.2/version-script.patch \ +# file://debian/no-symbolic.patch \ +# file://debian/no-rpath.patch \ +# file://debian/man-dir.patch \ +# file://debian/man-section.patch \ +# file://debian/debian-targets.patch \ +# file://debian/c_rehash-compat.patch \ +# file://debian/ca.patch \ +# file://debian1.0.2/block_digicert_malaysia.patch \ +# file://debian1.0.2/block_diginotar.patch \ +# file://engines-install-in-libdir-ssl.patch \ +# file://oe-ldflags.patch \ +# file://shared-libs.patch \ +# file://configure-targets.patch +# + +S = "${WORKDIR}/openssl-1.1.0h/" + +PACKAGES =+ "${PN}-engines" + +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines ${libdir}/engines-1.1/*.so" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + mkdir -p ${S}/util/ + cp ${WORKDIR}/perlpath.pl ${S}/util/ + cp ${WORKDIR}/find.pl ${S}/util/ + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} + +do_compile_ptest_base() { + echo +} + +TARGET_CC_ARCH += "${LDFLAGS}" + +COMPATIBLE_MACHINE = "(qoriq)" diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc new file mode 100644 index 00000000..db768084 --- /dev/null +++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc @@ -0,0 +1,267 @@ +SUMMARY = "Secure Socket Layer" +DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." +HOMEPAGE = "http://www.openssl.org/" +BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" +SECTION = "libs/network" + +# "openssl | SSLeay" dual license +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +DEPENDS = "makedepend-native hostperl-runtime-native" +DEPENDS_append_class-target = " openssl-native" + +PROVIDES = "openssl" + +python() { + pkgs = d.getVar('PACKAGES', True).split() + for p in pkgs: + if 'openssl-qoriq' in p: + d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl')) + d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl')) + d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl')) +} + +SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/openssl;nobranch=1" + +S = "${WORKDIR}/git" + +PACKAGECONFIG[perl] = ",,," + +TERMIO_libc-musl = "-DTERMIOS" +TERMIO ?= "-DTERMIO" +# Avoid binaries being marked as requiring an executable stack since it +# doesn't(which causes and this causes issues with SELinux +CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ + ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack" + +export DIRS = "crypto ssl apps" +export EX_LIBS = "-lgcc -ldl" +export AS = "${CC} -c" + +inherit pkgconfig siteinfo multilib_header ptest relative_symlinks + +PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf" +FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" +FILES_libssl = "${libdir}/libssl${SOLIBS}" +FILES_${PN} =+ " ${libdir}/ssl/*" +FILES_${PN}-misc = "${libdir}/ssl/misc" +RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" + +PROVIDES += "openssl10" + +# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto +# package RRECOMMENDS on this package. This will enable the configuration +# file to be installed for both the base openssl package and the libcrypto +# package since the base openssl package depends on the libcrypto package. +FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf" +CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf" +RRECOMMENDS_libcrypto += "${PN}-conf" +RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" + +# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE +# vulnerability +EXTRA_OECONF = " -no-ssl3" + +do_configure_prepend_darwin () { + sed -i -e '/version-script=openssl\.ld/d' Configure +} + +do_configure () { + cd util + perl perlpath.pl ${STAGING_BINDIR_NATIVE} + cd .. + ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ + + os=${HOST_OS} + case $os in + linux-uclibc |\ + linux-uclibceabi |\ + linux-gnueabi |\ + linux-uclibcspe |\ + linux-gnuspe |\ + linux-musl*) + os=linux + ;; + *) + ;; + esac + target="$os-${HOST_ARCH}" + case $target in + linux-arm) + target=linux-armv4 + ;; + linux-armeb) + target=linux-elf-armeb + ;; + linux-aarch64*) + target=linux-aarch64 + ;; + linux-sh3) + target=debian-sh3 + ;; + linux-sh4) + target=debian-sh4 + ;; + linux-i486) + target=debian-i386-i486 + ;; + linux-i586 | linux-viac3) + target=debian-i386-i586 + ;; + linux-i686) + target=debian-i386-i686/cmov + ;; + linux-gnux32-x86_64) + target=linux-x32 + ;; + linux-gnu64-x86_64) + target=linux-x86_64 + ;; + linux-gnun32-mips*el) + target=debian-mipsn32el + ;; + linux-gnun32-mips*) + target=debian-mipsn32 + ;; + linux-mips*64*el) + target=debian-mips64el + ;; + linux-mips*64*) + target=debian-mips64 + ;; + linux-mips*el) + target=debian-mipsel + ;; + linux-mips*) + target=debian-mips + ;; + linux-microblaze*|linux-nios2*) + target=linux-generic32 + ;; + linux-powerpc) + target=linux-ppc + ;; + linux-powerpc64) + target=linux-ppc64 + ;; + linux-supersparc) + target=linux-sparcv8 + ;; + linux-sparc) + target=linux-sparcv8 + ;; + darwin-i386) + target=darwin-i386-cc + ;; + esac + # inject machine-specific flags + sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure + useprefix=${prefix} + if [ "x$useprefix" = "x" ]; then + useprefix=/ + fi + perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target +} + +do_compile_prepend_class-target () { + sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile +} + +do_compile () { + oe_runmake depend + oe_runmake +} + +do_compile_ptest () { + # build dependencies for test directory too + rm -rf test/ssltest_old + rm -rf test/x509aux + rm -rf test/v3ext + export DIRS="$DIRS test" + oe_runmake depend + oe_runmake buildtest +} + +do_install () { + # Create ${D}/${prefix} to fix parallel issues + mkdir -p ${D}/${prefix}/ + + oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" DESTDIR="${D}" install + + oe_libinstall -so libcrypto ${D}${libdir} + oe_libinstall -so libssl ${D}${libdir} + oe_libinstall -so capi ${D}${libdir} + oe_libinstall -so padlock ${D}${libdir} + + install -d ${D}${includedir} + cp --dereference -R include/openssl ${D}${includedir} + + install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash + sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash + + oe_multilib_header openssl/opensslconf.h + if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl + sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget + else + rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget + fi + + # Create SSL structure + install -d ${D}${sysconfdir}/ssl/ + mv ${D}${libdir}/ssl/openssl.cnf \ + ${D}${libdir}/ssl/certs \ + ${D}${libdir}/ssl/private \ + \ + ${D}${sysconfdir}/ssl/ + ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs + ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf +} + +do_install_ptest () { + # cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} + cp -r -L Makefile test ${D}${PTEST_PATH} + + # Replace the path to native perl with the path to target perl + sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile + + cp Configure config e_os.h ${D}${PTEST_PATH} + cp -r -L include ${D}${PTEST_PATH} + ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH} + ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/crypto + cp include/internal/constant_time_locl.h ${D}${PTEST_PATH}/crypto + cp -r demos/certs ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/apps + ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps + ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps + cp apps/server.pem ${D}${PTEST_PATH}/apps + cp apps/server2.pem ${D}${PTEST_PATH}/apps + mkdir -p ${D}${PTEST_PATH}/util + install util/opensslwrap.sh ${D}${PTEST_PATH}/util + install util/shlib_wrap.sh ${D}${PTEST_PATH}/util + # Time stamps are relevant for "make alltests", otherwise + # make may try to recompile binaries. Not only must the + # binary files be newer than the sources, they also must + # be more recent than the header files in /usr/include. + # + # Using "cp -a" is not sufficient, because do_install + # does not preserve the original time stamps. + # + # So instead of using the original file stamps, we set + # the current time for all files. Binaries will get + # modified again later when stripping them, but that's okay. + touch ${D}${PTEST_PATH} + find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} +} + +do_install_append_class-native() { + create_wrapper ${D}${bindir}/openssl \ + OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ + SSL_CERT_DIR=${libdir}/ssl/certs \ + SSL_CERT_FILE=${libdir}/ssl/cert.pem \ + OPENSSL_ENGINES=${libdir}/ssl/engines +} -- cgit v1.2.3-54-g00ecf