diff options
author | Otavio Salvador <otavio@ossystems.com.br> | 2016-05-23 17:45:25 -0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-25 07:50:17 +0100 |
commit | 0a84108e0f70da4dce24d1eae05c0d3697e0dc92 (patch) | |
tree | 43222b6108da4ae511b3b23bc799b54e750b91ec | |
parent | 1cdd9795dd71d212e01fc5a757e6c9d2b5a08770 (diff) | |
download | poky-0a84108e0f70da4dce24d1eae05c0d3697e0dc92.tar.gz |
openssl: Add Shell-Script based c_rehash utility
The PLD Linux distribution has ported the c_rehash[1] utility from Perl
to Shell-Script, allowing it to be shipped by default.
1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761
The OpenSSL upstream intends[2] to convert the utility for C however
did not yet finished the conversion.
2. https://rt.openssl.org/Ticket/Display.html?id=2324
This patch adds this script and thus removed the Perl requirement for
it.
(From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl.inc | 9 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh | 210 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.2h.bb | 1 |
3 files changed, 215 insertions, 5 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index a5ddf4d4b0..668e34e600 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc | |||
@@ -36,7 +36,7 @@ PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf" | |||
36 | FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" | 36 | FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" |
37 | FILES_libssl = "${libdir}/libssl${SOLIBS}" | 37 | FILES_libssl = "${libdir}/libssl${SOLIBS}" |
38 | FILES_${PN} =+ " ${libdir}/ssl/*" | 38 | FILES_${PN} =+ " ${libdir}/ssl/*" |
39 | FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash" | 39 | FILES_${PN}-misc = "${libdir}/ssl/misc" |
40 | RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" | 40 | RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" |
41 | 41 | ||
42 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto | 42 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto |
@@ -168,15 +168,14 @@ do_install () { | |||
168 | install -d ${D}${includedir} | 168 | install -d ${D}${includedir} |
169 | cp --dereference -R include/openssl ${D}${includedir} | 169 | cp --dereference -R include/openssl ${D}${includedir} |
170 | 170 | ||
171 | install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash | ||
172 | sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash | ||
173 | |||
171 | oe_multilib_header openssl/opensslconf.h | 174 | oe_multilib_header openssl/opensslconf.h |
172 | if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then | 175 | if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then |
173 | install -m 0755 ${S}/tools/c_rehash ${D}${bindir} | ||
174 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash | ||
175 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl | 176 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl |
176 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget | 177 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget |
177 | # The c_rehash utility isn't installed by the normal installation process. | ||
178 | else | 178 | else |
179 | rm -f ${D}${bindir}/c_rehash | ||
180 | rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget | 179 | rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget |
181 | fi | 180 | fi |
182 | } | 181 | } |
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh new file mode 100644 index 0000000000..0ea22637ee --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh | |||
@@ -0,0 +1,210 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | # Ben Secrest <blsecres@gmail.com> | ||
4 | # | ||
5 | # sh c_rehash script, scan all files in a directory | ||
6 | # and add symbolic links to their hash values. | ||
7 | # | ||
8 | # based on the c_rehash perl script distributed with openssl | ||
9 | # | ||
10 | # LICENSE: See OpenSSL license | ||
11 | # ^^acceptable?^^ | ||
12 | # | ||
13 | |||
14 | # default certificate location | ||
15 | DIR=/etc/openssl | ||
16 | |||
17 | # for filetype bitfield | ||
18 | IS_CERT=$(( 1 << 0 )) | ||
19 | IS_CRL=$(( 1 << 1 )) | ||
20 | |||
21 | |||
22 | # check to see if a file is a certificate file or a CRL file | ||
23 | # arguments: | ||
24 | # 1. the filename to be scanned | ||
25 | # returns: | ||
26 | # bitfield of file type; uses ${IS_CERT} and ${IS_CRL} | ||
27 | # | ||
28 | check_file() | ||
29 | { | ||
30 | local IS_TYPE=0 | ||
31 | |||
32 | # make IFS a newline so we can process grep output line by line | ||
33 | local OLDIFS=${IFS} | ||
34 | IFS=$( printf "\n" ) | ||
35 | |||
36 | # XXX: could be more efficient to have two 'grep -m' but is -m portable? | ||
37 | for LINE in $( grep '^-----BEGIN .*-----' ${1} ) | ||
38 | do | ||
39 | if echo ${LINE} \ | ||
40 | | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' | ||
41 | then | ||
42 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) | ||
43 | |||
44 | if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
45 | then | ||
46 | break | ||
47 | fi | ||
48 | elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' | ||
49 | then | ||
50 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) | ||
51 | |||
52 | if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
53 | then | ||
54 | break | ||
55 | fi | ||
56 | fi | ||
57 | done | ||
58 | |||
59 | # restore IFS | ||
60 | IFS=${OLDIFS} | ||
61 | |||
62 | return ${IS_TYPE} | ||
63 | } | ||
64 | |||
65 | |||
66 | # | ||
67 | # use openssl to fingerprint a file | ||
68 | # arguments: | ||
69 | # 1. the filename to fingerprint | ||
70 | # 2. the method to use (x509, crl) | ||
71 | # returns: | ||
72 | # none | ||
73 | # assumptions: | ||
74 | # user will capture output from last stage of pipeline | ||
75 | # | ||
76 | fingerprint() | ||
77 | { | ||
78 | ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' | ||
79 | } | ||
80 | |||
81 | |||
82 | # | ||
83 | # link_hash - create links to certificate files | ||
84 | # arguments: | ||
85 | # 1. the filename to create a link for | ||
86 | # 2. the type of certificate being linked (x509, crl) | ||
87 | # returns: | ||
88 | # 0 on success, 1 otherwise | ||
89 | # | ||
90 | link_hash() | ||
91 | { | ||
92 | local FINGERPRINT=$( fingerprint ${1} ${2} ) | ||
93 | local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) | ||
94 | local SUFFIX=0 | ||
95 | local LINKFILE='' | ||
96 | local TAG='' | ||
97 | |||
98 | if [ ${2} = "crl" ] | ||
99 | then | ||
100 | TAG='r' | ||
101 | fi | ||
102 | |||
103 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
104 | |||
105 | while [ -f ${LINKFILE} ] | ||
106 | do | ||
107 | if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] | ||
108 | then | ||
109 | echo "WARNING: Skipping duplicate file ${1}" >&2 | ||
110 | return 1 | ||
111 | fi | ||
112 | |||
113 | SUFFIX=$(( ${SUFFIX} + 1 )) | ||
114 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
115 | done | ||
116 | |||
117 | echo "${1} => ${LINKFILE}" | ||
118 | |||
119 | # assume any system with a POSIX shell will either support symlinks or | ||
120 | # do something to handle this gracefully | ||
121 | ln -s ${1} ${LINKFILE} | ||
122 | |||
123 | return 0 | ||
124 | } | ||
125 | |||
126 | |||
127 | # hash_dir create hash links in a given directory | ||
128 | hash_dir() | ||
129 | { | ||
130 | echo "Doing ${1}" | ||
131 | |||
132 | cd ${1} | ||
133 | |||
134 | ls -1 * 2>/dev/null | while read FILE | ||
135 | do | ||
136 | if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ | ||
137 | && [ -h "${FILE}" ] | ||
138 | then | ||
139 | rm ${FILE} | ||
140 | fi | ||
141 | done | ||
142 | |||
143 | ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE | ||
144 | do | ||
145 | check_file ${FILE} | ||
146 | local FILE_TYPE=${?} | ||
147 | local TYPE_STR='' | ||
148 | |||
149 | if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
150 | then | ||
151 | TYPE_STR='x509' | ||
152 | elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
153 | then | ||
154 | TYPE_STR='crl' | ||
155 | else | ||
156 | echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2 | ||
157 | continue | ||
158 | fi | ||
159 | |||
160 | link_hash ${FILE} ${TYPE_STR} | ||
161 | done | ||
162 | } | ||
163 | |||
164 | |||
165 | # choose the name of an ssl application | ||
166 | if [ -n "${OPENSSL}" ] | ||
167 | then | ||
168 | SSL_CMD=$(which ${OPENSSL} 2>/dev/null) | ||
169 | else | ||
170 | SSL_CMD=/usr/bin/openssl | ||
171 | OPENSSL=${SSL_CMD} | ||
172 | export OPENSSL | ||
173 | fi | ||
174 | |||
175 | # fix paths | ||
176 | PATH=${PATH}:${DIR}/bin | ||
177 | export PATH | ||
178 | |||
179 | # confirm existance/executability of ssl command | ||
180 | if ! [ -x ${SSL_CMD} ] | ||
181 | then | ||
182 | echo "${0}: rehashing skipped ('openssl' program not available)" >&2 | ||
183 | exit 0 | ||
184 | fi | ||
185 | |||
186 | # determine which directories to process | ||
187 | old_IFS=$IFS | ||
188 | if [ ${#} -gt 0 ] | ||
189 | then | ||
190 | IFS=':' | ||
191 | DIRLIST=${*} | ||
192 | elif [ -n "${SSL_CERT_DIR}" ] | ||
193 | then | ||
194 | DIRLIST=$SSL_CERT_DIR | ||
195 | else | ||
196 | DIRLIST=${DIR}/certs | ||
197 | fi | ||
198 | |||
199 | IFS=':' | ||
200 | |||
201 | # process directories | ||
202 | for CERT_DIR in ${DIRLIST} | ||
203 | do | ||
204 | if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] | ||
205 | then | ||
206 | IFS=$old_IFS | ||
207 | hash_dir ${CERT_DIR} | ||
208 | IFS=':' | ||
209 | fi | ||
210 | done | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb index ae65992b4e..699fe62bbf 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb | |||
@@ -13,6 +13,7 @@ export OE_LDFLAGS="${LDFLAGS}" | |||
13 | 13 | ||
14 | SRC_URI += "file://find.pl;subdir=${BP}/util/ \ | 14 | SRC_URI += "file://find.pl;subdir=${BP}/util/ \ |
15 | file://run-ptest \ | 15 | file://run-ptest \ |
16 | file://openssl-c_rehash.sh \ | ||
16 | file://configure-targets.patch \ | 17 | file://configure-targets.patch \ |
17 | file://shared-libs.patch \ | 18 | file://shared-libs.patch \ |
18 | file://oe-ldflags.patch \ | 19 | file://oe-ldflags.patch \ |