summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOtavio Salvador <otavio@ossystems.com.br>2016-05-23 17:45:25 -0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-25 07:50:17 +0100
commit0a84108e0f70da4dce24d1eae05c0d3697e0dc92 (patch)
tree43222b6108da4ae511b3b23bc799b54e750b91ec
parent1cdd9795dd71d212e01fc5a757e6c9d2b5a08770 (diff)
downloadpoky-0a84108e0f70da4dce24d1eae05c0d3697e0dc92.tar.gz
openssl: Add Shell-Script based c_rehash utility
The PLD Linux distribution has ported the c_rehash[1] utility from Perl to Shell-Script, allowing it to be shipped by default. 1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761 The OpenSSL upstream intends[2] to convert the utility for C however did not yet finished the conversion. 2. https://rt.openssl.org/Ticket/Display.html?id=2324 This patch adds this script and thus removed the Perl requirement for it. (From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl.inc9
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh210
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.2h.bb1
3 files changed, 215 insertions, 5 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index a5ddf4d4b0..668e34e600 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -36,7 +36,7 @@ PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
36FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" 36FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
37FILES_libssl = "${libdir}/libssl${SOLIBS}" 37FILES_libssl = "${libdir}/libssl${SOLIBS}"
38FILES_${PN} =+ " ${libdir}/ssl/*" 38FILES_${PN} =+ " ${libdir}/ssl/*"
39FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash" 39FILES_${PN}-misc = "${libdir}/ssl/misc"
40RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" 40RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
41 41
42# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto 42# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
@@ -168,15 +168,14 @@ do_install () {
168 install -d ${D}${includedir} 168 install -d ${D}${includedir}
169 cp --dereference -R include/openssl ${D}${includedir} 169 cp --dereference -R include/openssl ${D}${includedir}
170 170
171 install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
172 sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
173
171 oe_multilib_header openssl/opensslconf.h 174 oe_multilib_header openssl/opensslconf.h
172 if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then 175 if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
173 install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
174 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
175 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl 176 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
176 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget 177 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
177 # The c_rehash utility isn't installed by the normal installation process.
178 else 178 else
179 rm -f ${D}${bindir}/c_rehash
180 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget 179 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
181 fi 180 fi
182} 181}
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
new file mode 100644
index 0000000000..0ea22637ee
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
@@ -0,0 +1,210 @@
1#!/bin/sh
2#
3# Ben Secrest <blsecres@gmail.com>
4#
5# sh c_rehash script, scan all files in a directory
6# and add symbolic links to their hash values.
7#
8# based on the c_rehash perl script distributed with openssl
9#
10# LICENSE: See OpenSSL license
11# ^^acceptable?^^
12#
13
14# default certificate location
15DIR=/etc/openssl
16
17# for filetype bitfield
18IS_CERT=$(( 1 << 0 ))
19IS_CRL=$(( 1 << 1 ))
20
21
22# check to see if a file is a certificate file or a CRL file
23# arguments:
24# 1. the filename to be scanned
25# returns:
26# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
27#
28check_file()
29{
30 local IS_TYPE=0
31
32 # make IFS a newline so we can process grep output line by line
33 local OLDIFS=${IFS}
34 IFS=$( printf "\n" )
35
36 # XXX: could be more efficient to have two 'grep -m' but is -m portable?
37 for LINE in $( grep '^-----BEGIN .*-----' ${1} )
38 do
39 if echo ${LINE} \
40 | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
41 then
42 IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
43
44 if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
45 then
46 break
47 fi
48 elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
49 then
50 IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
51
52 if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
53 then
54 break
55 fi
56 fi
57 done
58
59 # restore IFS
60 IFS=${OLDIFS}
61
62 return ${IS_TYPE}
63}
64
65
66#
67# use openssl to fingerprint a file
68# arguments:
69# 1. the filename to fingerprint
70# 2. the method to use (x509, crl)
71# returns:
72# none
73# assumptions:
74# user will capture output from last stage of pipeline
75#
76fingerprint()
77{
78 ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
79}
80
81
82#
83# link_hash - create links to certificate files
84# arguments:
85# 1. the filename to create a link for
86# 2. the type of certificate being linked (x509, crl)
87# returns:
88# 0 on success, 1 otherwise
89#
90link_hash()
91{
92 local FINGERPRINT=$( fingerprint ${1} ${2} )
93 local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
94 local SUFFIX=0
95 local LINKFILE=''
96 local TAG=''
97
98 if [ ${2} = "crl" ]
99 then
100 TAG='r'
101 fi
102
103 LINKFILE=${HASH}.${TAG}${SUFFIX}
104
105 while [ -f ${LINKFILE} ]
106 do
107 if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
108 then
109 echo "WARNING: Skipping duplicate file ${1}" >&2
110 return 1
111 fi
112
113 SUFFIX=$(( ${SUFFIX} + 1 ))
114 LINKFILE=${HASH}.${TAG}${SUFFIX}
115 done
116
117 echo "${1} => ${LINKFILE}"
118
119 # assume any system with a POSIX shell will either support symlinks or
120 # do something to handle this gracefully
121 ln -s ${1} ${LINKFILE}
122
123 return 0
124}
125
126
127# hash_dir create hash links in a given directory
128hash_dir()
129{
130 echo "Doing ${1}"
131
132 cd ${1}
133
134 ls -1 * 2>/dev/null | while read FILE
135 do
136 if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
137 && [ -h "${FILE}" ]
138 then
139 rm ${FILE}
140 fi
141 done
142
143 ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
144 do
145 check_file ${FILE}
146 local FILE_TYPE=${?}
147 local TYPE_STR=''
148
149 if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
150 then
151 TYPE_STR='x509'
152 elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
153 then
154 TYPE_STR='crl'
155 else
156 echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
157 continue
158 fi
159
160 link_hash ${FILE} ${TYPE_STR}
161 done
162}
163
164
165# choose the name of an ssl application
166if [ -n "${OPENSSL}" ]
167then
168 SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
169else
170 SSL_CMD=/usr/bin/openssl
171 OPENSSL=${SSL_CMD}
172 export OPENSSL
173fi
174
175# fix paths
176PATH=${PATH}:${DIR}/bin
177export PATH
178
179# confirm existance/executability of ssl command
180if ! [ -x ${SSL_CMD} ]
181then
182 echo "${0}: rehashing skipped ('openssl' program not available)" >&2
183 exit 0
184fi
185
186# determine which directories to process
187old_IFS=$IFS
188if [ ${#} -gt 0 ]
189then
190 IFS=':'
191 DIRLIST=${*}
192elif [ -n "${SSL_CERT_DIR}" ]
193then
194 DIRLIST=$SSL_CERT_DIR
195else
196 DIRLIST=${DIR}/certs
197fi
198
199IFS=':'
200
201# process directories
202for CERT_DIR in ${DIRLIST}
203do
204 if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
205 then
206 IFS=$old_IFS
207 hash_dir ${CERT_DIR}
208 IFS=':'
209 fi
210done
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
index ae65992b4e..699fe62bbf 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -13,6 +13,7 @@ export OE_LDFLAGS="${LDFLAGS}"
13 13
14SRC_URI += "file://find.pl;subdir=${BP}/util/ \ 14SRC_URI += "file://find.pl;subdir=${BP}/util/ \
15 file://run-ptest \ 15 file://run-ptest \
16 file://openssl-c_rehash.sh \
16 file://configure-targets.patch \ 17 file://configure-targets.patch \
17 file://shared-libs.patch \ 18 file://shared-libs.patch \
18 file://oe-ldflags.patch \ 19 file://oe-ldflags.patch \