openssl10: update to 1.0.2q

(From OE-Core rev: 03149ca307282c22dd9ceb6fe3224bf586b03f6d) (From OE-Core rev: 572865e0d0a61e2096083edc622366e4ac9a8ad0) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alex.kanavin@gmail.com> 2018-11-22 16:41:22 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-02-25 22:27:39 +0000
commit: ab1ba8137ded9f34b78976f6087f48142dee73e5 (patch)
tree: 9f591a5d89d0fc38c695a473a38d00dcfd543073 /meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
parent: 118407fb1e7011586905b59e9a1507a4e60bceab (diff)
download: poky-ab1ba8137ded9f34b78976f6087f48142dee73e5.tar.gz
1 files changed, 361 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
new file mode 100644
index 0000000000..9d67053b7a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
@@ -0,0 +1,361 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
+DEPENDS = "hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+           file://run-ptest \
+           file://openssl-c_rehash.sh \
+           file://configure-targets.patch \
+           file://shared-libs.patch \
+           file://oe-ldflags.patch \
+           file://engines-install-in-libdir-ssl.patch \
+           file://debian1.0.2/block_diginotar.patch \
+           file://debian1.0.2/block_digicert_malaysia.patch \
+           file://debian/c_rehash-compat.patch \
+           file://debian/debian-targets.patch \
+           file://debian/man-dir.patch \
+           file://debian/man-section.patch \
+           file://debian/no-rpath.patch \
+           file://debian/no-symbolic.patch \
+           file://debian/pic.patch \
+           file://debian1.0.2/version-script.patch \
+           file://debian1.0.2/soname.patch \
+           file://openssl_fix_for_x32.patch \
+           file://openssl-fix-des.pod-error.patch \
+           file://Makefiles-ptest.patch \
+           file://ptest-deps.patch \
+           file://ptest_makefile_deps.patch \
+           file://configure-musl-target.patch \
+           file://parallel.patch \
+           file://Use-SHA256-not-MD5-as-default-digest.patch \
+           file://0001-Fix-build-with-clang-using-external-assembler.patch \
+           file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+           file://0001-allow-manpages-to-be-disabled.patch \
+           "
+SRC_URI_append_class-target = " \
+           file://reproducible-cflags.patch \
+           file://reproducible-mkbuildinf.patch \
+           "
+SRC_URI_append_class-nativesdk = " \
+           file://environment.d-openssl.sh \
+           "
+SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
+SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
+S = "${WORKDIR}/openssl-${PV}"
+UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
+inherit pkgconfig siteinfo multilib_header ptest manpages
+PACKAGECONFIG ?= "cryptodev-linux"
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
+PACKAGECONFIG[manpages] = ",,,"
+PACKAGECONFIG[perl] = ",,,"
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = "no-ssl3"
+EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
+export OE_LDFLAGS = "${LDFLAGS}"
+# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
+CCACHE = ""
+TERMIO ?= "-DTERMIO"
+TERMIO_libc-musl = "-DTERMIOS"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+         ${TERMIO} ${CFLAGS} -Wall"
+# Avoid binaries being marked as requiring an executable stack since they don't
+# (and it causes issues with SELinux)
+CFLAG += "-Wa,--noexecstack"
+CFLAG_append_class-native = " -fPIC"
+do_configure () {
+        # The crypto_use_bigint patch means that perl's bignum module needs to be
+        # installed, but some distributions (for example Fedora 23) don't ship it by
+        # default.  As the resulting error is very misleading check for bignum before
+        # building.
+        if ! perl -Mbigint -e true; then
+                bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+        fi
+        ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+        os=${HOST_OS}
+        case $os in
+        linux-gnueabi |\
+        linux-gnuspe |\
+        linux-musleabi |\
+        linux-muslspe |\
+        linux-musl )
+                os=linux
+                ;;
+        *)
+                ;;
+        esac
+        target="$os-${HOST_ARCH}"
+        case $target in
+        linux-arm)
+                target=linux-armv4
+                ;;
+        linux-armeb)
+                target=linux-elf-armeb
+                ;;
+        linux-aarch64*)
+                target=linux-aarch64
+                ;;
+        linux-sh3)
+                target=debian-sh3
+                ;;
+        linux-sh4)
+                target=debian-sh4
+                ;;
+        linux-i486)
+                target=debian-i386-i486
+                ;;
+        linux-i586 | linux-viac3)
+                target=debian-i386-i586
+                ;;
+        linux-i686)
+                target=debian-i386-i686/cmov
+                ;;
+        linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+                target=linux-x32
+                ;;
+        linux-gnu64-x86_64)
+                target=linux-x86_64
+                ;;
+        linux-gnun32-mips*el)
+                target=debian-mipsn32el
+                ;;
+        linux-gnun32-mips*)
+                target=debian-mipsn32
+                ;;
+        linux-mips*64*el)
+                target=debian-mips64el
+                ;;
+        linux-mips*64*)
+                target=debian-mips64
+                ;;
+        linux-mips*el)
+                target=debian-mipsel
+                ;;
+        linux-mips*)
+                target=debian-mips
+                ;;
+        linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
+                target=linux-generic32
+                ;;
+        linux-powerpc)
+                target=linux-ppc
+                ;;
+        linux-powerpc64)
+                target=linux-ppc64
+                ;;
+        linux-riscv32)
+                target=linux-generic32
+                ;;
+        linux-riscv64)
+                target=linux-generic64
+                ;;
+        linux-sparc | linux-supersparc)
+                target=linux-sparcv8
+                ;;
+        esac
+        # inject machine-specific flags
+        sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+        useprefix=${prefix}
+        if [ "x$useprefix" = "x" ]; then
+                useprefix=/
+        fi
+        libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
+        perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
+}
+do_compile () {
+        oe_runmake depend
+        oe_runmake
+}
+do_compile_class-target () {
+        sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+        oe_runmake depend
+        cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
+        oe_runmake CC_INFO="$cc_sanitized"
+}
+do_compile_ptest () {
+        oe_runmake buildtest
+}
+do_install () {
+        # Create ${D}/${prefix} to fix parallel issues
+        mkdir -p ${D}/${prefix}/
+        oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
+        oe_libinstall -so libcrypto ${D}${libdir}
+        oe_libinstall -so libssl ${D}${libdir}
+        install -d ${D}${includedir}
+        cp --dereference -R include/openssl ${D}${includedir}
+        oe_multilib_header openssl/opensslconf.h
+        install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+        sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+        if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+        else
+                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+        fi
+        # Create SSL structure for packages such as ca-certificates which
+        # contain hard-coded paths to /etc/ssl. Debian does the same.
+        install -d ${D}${sysconfdir}/ssl
+        mv ${D}${libdir}/ssl/certs \
+           ${D}${libdir}/ssl/private \
+           ${D}${libdir}/ssl/openssl.cnf \
+           ${D}${sysconfdir}/ssl/
+        # Although absolute symlinks would be OK for the target, they become
+        # invalid if native or nativesdk are relocated from sstate.
+        ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
+        ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
+        ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
+        # Rename man pages to prefix openssl10-*
+        for f in `find ${D}${mandir} -type f`; do
+            mv $f $(dirname $f)/openssl10-$(basename $f)
+        done
+        for f in `find ${D}${mandir} -type l`; do
+            ln_f=`readlink $f`
+            rm -f $f
+            ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
+        done
+}
+do_install_append_class-native () {
+        create_wrapper ${D}${bindir}/openssl \
+            OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+            SSL_CERT_DIR=${libdir}/ssl/certs \
+            SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+            OPENSSL_ENGINES=${libdir}/ssl/engines
+}
+do_install_append_class-nativesdk () {
+        mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+        install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+do_install_ptest () {
+        cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+        # Replace the path to native perl with the path to target perl
+        sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
+        cp Configure config e_os.h ${D}${PTEST_PATH}
+        cp -r -L include ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/crypto
+        cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+        cp -r certs ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/apps
+        ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+        ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
+        cp apps/server.pem              ${D}${PTEST_PATH}/apps
+        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+        mkdir -p ${D}${PTEST_PATH}/util
+        install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+        install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+        # Time stamps are relevant for "make alltests", otherwise
+        # make may try to recompile binaries. Not only must the
+        # binary files be newer than the sources, they also must
+        # be more recent than the header files in /usr/include.
+        #
+        # Using "cp -a" is not sufficient, because do_install
+        # does not preserve the original time stamps.
+        #
+        # So instead of using the original file stamps, we set
+        # the current time for all files. Binaries will get
+        # modified again later when stripping them, but that's okay.
+        touch ${D}${PTEST_PATH}
+        find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
+        # exclude binary files or the package won't install
+        for d in ssltest_old v3ext x509aux; do
+                rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
+        done
+        # Remove build host references
+        sed -i \
+        -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+        -e 's|${DEBUG_PREFIX_MAP}||g' \
+        ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
+}
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
+FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
+FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
+FILES_${PN} =+ "${libdir}/ssl/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto10 += "openssl10-conf"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+BBCLASSEXTEND = "native nativesdk"
+PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
+# openssl 1.0 development files and executable binaries clash with openssl 1.1
+# files when installed into target rootfs. So we don't put them into
+# packages, but they continue to be provided via target sysroot for
+# cross-compilation on the host, if some software still depends on openssl 1.0.
+openssl_package_preprocess () {
+        for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
+                rm $file
+        done
+        rm ${PKGD}${bindir}/openssl
+        rm ${PKGD}${bindir}/c_rehash
+        rmdir ${PKGD}${bindir}
+}
author	Alexander Kanavin <alex.kanavin@gmail.com>	2018-11-22 16:41:22 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-02-25 22:27:39 +0000
commit	ab1ba8137ded9f34b78976f6087f48142dee73e5 (patch)
tree	9f591a5d89d0fc38c695a473a38d00dcfd543073 /meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
parent	118407fb1e7011586905b59e9a1507a4e60bceab (diff)
download	poky-ab1ba8137ded9f34b78976f6087f48142dee73e5.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb new file mode 100644 index 0000000000..9d67053b7a --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
@@ -0,0 +1,361 @@
	1	SUMMARY = "Secure Socket Layer"
	2	DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
	3	HOMEPAGE = "http://www.openssl.org/"
	4	BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
	5	SECTION = "libs/network"
	6
	7	# "openssl \| SSLeay" dual license
	8	LICENSE = "openssl"
	9	LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
	10
	11	DEPENDS = "hostperl-runtime-native"
	12	DEPENDS_append_class-target = " openssl-native"
	13
	14	SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
	15	file://run-ptest \
	16	file://openssl-c_rehash.sh \
	17	file://configure-targets.patch \
	18	file://shared-libs.patch \
	19	file://oe-ldflags.patch \
	20	file://engines-install-in-libdir-ssl.patch \
	21	file://debian1.0.2/block_diginotar.patch \
	22	file://debian1.0.2/block_digicert_malaysia.patch \
	23	file://debian/c_rehash-compat.patch \
	24	file://debian/debian-targets.patch \
	25	file://debian/man-dir.patch \
	26	file://debian/man-section.patch \
	27	file://debian/no-rpath.patch \
	28	file://debian/no-symbolic.patch \
	29	file://debian/pic.patch \
	30	file://debian1.0.2/version-script.patch \
	31	file://debian1.0.2/soname.patch \
	32	file://openssl_fix_for_x32.patch \
	33	file://openssl-fix-des.pod-error.patch \
	34	file://Makefiles-ptest.patch \
	35	file://ptest-deps.patch \
	36	file://ptest_makefile_deps.patch \
	37	file://configure-musl-target.patch \
	38	file://parallel.patch \
	39	file://Use-SHA256-not-MD5-as-default-digest.patch \
	40	file://0001-Fix-build-with-clang-using-external-assembler.patch \
	41	file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
	42	file://0001-allow-manpages-to-be-disabled.patch \
	43	"
	44
	45	SRC_URI_append_class-target = " \
	46	file://reproducible-cflags.patch \
	47	file://reproducible-mkbuildinf.patch \
	48	"
	49
	50	SRC_URI_append_class-nativesdk = " \
	51	file://environment.d-openssl.sh \
	52	"
	53
	54	SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
	55	SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
	56
	57	S = "${WORKDIR}/openssl-${PV}"
	58
	59	UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
	60
	61	inherit pkgconfig siteinfo multilib_header ptest manpages
	62
	63	PACKAGECONFIG ?= "cryptodev-linux"
	64	PACKAGECONFIG_class-native = ""
	65	PACKAGECONFIG_class-nativesdk = ""
	66
	67	PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
	68	PACKAGECONFIG[manpages] = ",,,"
	69	PACKAGECONFIG[perl] = ",,,"
	70
	71	# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
	72	# vulnerability
	73	EXTRA_OECONF = "no-ssl3"
	74
	75	EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
	76
	77	export OE_LDFLAGS = "${LDFLAGS}"
	78
	79	# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
	80	CCACHE = ""
	81
	82	TERMIO ?= "-DTERMIO"
	83	TERMIO_libc-musl = "-DTERMIOS"
	84	EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
	85
	86	CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
	87	${TERMIO} ${CFLAGS} -Wall"
	88
	89	# Avoid binaries being marked as requiring an executable stack since they don't
	90	# (and it causes issues with SELinux)
	91	CFLAG += "-Wa,--noexecstack"
	92
	93	CFLAG_append_class-native = " -fPIC"
	94
	95	do_configure () {
	96	# The crypto_use_bigint patch means that perl's bignum module needs to be
	97	# installed, but some distributions (for example Fedora 23) don't ship it by
	98	# default. As the resulting error is very misleading check for bignum before
	99	# building.
	100	if ! perl -Mbigint -e true; then
	101	bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
	102	fi
	103
	104	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
	105
	106	os=${HOST_OS}
	107	case $os in
	108	linux-gnueabi \|\
	109	linux-gnuspe \|\
	110	linux-musleabi \|\
	111	linux-muslspe \|\
	112	linux-musl )
	113	os=linux
	114	;;
	115	*)
	116	;;
	117	esac
	118	target="$os-${HOST_ARCH}"
	119	case $target in
	120	linux-arm)
	121	target=linux-armv4
	122	;;
	123	linux-armeb)
	124	target=linux-elf-armeb
	125	;;
	126	linux-aarch64*)
	127	target=linux-aarch64
	128	;;
	129	linux-sh3)
	130	target=debian-sh3
	131	;;
	132	linux-sh4)
	133	target=debian-sh4
	134	;;
	135	linux-i486)
	136	target=debian-i386-i486
	137	;;
	138	linux-i586 \| linux-viac3)
	139	target=debian-i386-i586
	140	;;
	141	linux-i686)
	142	target=debian-i386-i686/cmov
	143	;;
	144	linux-gnux32-x86_64 \| linux-muslx32-x86_64 )
	145	target=linux-x32
	146	;;
	147	linux-gnu64-x86_64)
	148	target=linux-x86_64
	149	;;
	150	linux-gnun32-mips*el)
	151	target=debian-mipsn32el
	152	;;
	153	linux-gnun32-mips*)
	154	target=debian-mipsn32
	155	;;
	156	linux-mips64el)
	157	target=debian-mips64el
	158	;;
	159	linux-mips64)
	160	target=debian-mips64
	161	;;
	162	linux-mips*el)
	163	target=debian-mipsel
	164	;;
	165	linux-mips*)
	166	target=debian-mips
	167	;;
	168	linux-microblaze* \| linux-nios2* \| linux-gnuilp32* \| linux-arc*)
	169	target=linux-generic32
	170	;;
	171	linux-powerpc)
	172	target=linux-ppc
	173	;;
	174	linux-powerpc64)
	175	target=linux-ppc64
	176	;;
	177	linux-riscv32)
	178	target=linux-generic32
	179	;;
	180	linux-riscv64)
	181	target=linux-generic64
	182	;;
	183	linux-sparc \| linux-supersparc)
	184	target=linux-sparcv8
	185	;;
	186	esac
	187
	188	# inject machine-specific flags
	189	sed -i -e "s\|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)\|\1:${CFLAG}\|g" Configure
	190
	191	useprefix=${prefix}
	192	if [ "x$useprefix" = "x" ]; then
	193	useprefix=/
	194	fi
	195	libdirleaf="$( echo "${libdir}" \| sed "s:^$useprefix/*::" )"
	196	perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
	197	}
	198
	199	do_compile () {
	200	oe_runmake depend
	201	oe_runmake
	202	}
	203
	204	do_compile_class-target () {
	205	sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
	206	oe_runmake depend
	207	cc_sanitized=$(echo "${CC} ${CFLAG}" \| sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's\|${DEBUG_PREFIX_MAP}\|\|g' -e 's/[ \t]\+/ /g')
	208	oe_runmake CC_INFO="$cc_sanitized"
	209	}
	210
	211	do_compile_ptest () {
	212	oe_runmake buildtest
	213	}
	214
	215	do_install () {
	216	# Create ${D}/${prefix} to fix parallel issues
	217	mkdir -p ${D}/${prefix}/
	218
	219	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
	220
	221	oe_libinstall -so libcrypto ${D}${libdir}
	222	oe_libinstall -so libssl ${D}${libdir}
	223
	224	install -d ${D}${includedir}
	225	cp --dereference -R include/openssl ${D}${includedir}
	226
	227	oe_multilib_header openssl/opensslconf.h
	228
	229	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
	230	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
	231
	232	if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
	233	sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
	234	sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
	235	else
	236	rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
	237	fi
	238
	239	# Create SSL structure for packages such as ca-certificates which
	240	# contain hard-coded paths to /etc/ssl. Debian does the same.
	241	install -d ${D}${sysconfdir}/ssl
	242	mv ${D}${libdir}/ssl/certs \
	243	${D}${libdir}/ssl/private \
	244	${D}${libdir}/ssl/openssl.cnf \
	245	${D}${sysconfdir}/ssl/
	246
	247	# Although absolute symlinks would be OK for the target, they become
	248	# invalid if native or nativesdk are relocated from sstate.
	249	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
	250	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
	251	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
	252
	253	# Rename man pages to prefix openssl10-*
	254	for f in `find ${D}${mandir} -type f`; do
	255	mv $f $(dirname $f)/openssl10-$(basename $f)
	256	done
	257	for f in `find ${D}${mandir} -type l`; do
	258	ln_f=`readlink $f`
	259	rm -f $f
	260	ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
	261	done
	262	}
	263
	264	do_install_append_class-native () {
	265	create_wrapper ${D}${bindir}/openssl \
	266	OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
	267	SSL_CERT_DIR=${libdir}/ssl/certs \
	268	SSL_CERT_FILE=${libdir}/ssl/cert.pem \
	269	OPENSSL_ENGINES=${libdir}/ssl/engines
	270	}
	271
	272	do_install_append_class-nativesdk () {
	273	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
	274	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
	275	}
	276
	277	do_install_ptest () {
	278	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
	279
	280	# Replace the path to native perl with the path to target perl
	281	sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
	282
	283	cp Configure config e_os.h ${D}${PTEST_PATH}
	284	cp -r -L include ${D}${PTEST_PATH}
	285	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
	286	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
	287	mkdir -p ${D}${PTEST_PATH}/crypto
	288	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
	289	cp -r certs ${D}${PTEST_PATH}
	290	mkdir -p ${D}${PTEST_PATH}/apps
	291	ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
	292	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
	293	ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
	294	cp apps/server.pem ${D}${PTEST_PATH}/apps
	295	cp apps/server2.pem ${D}${PTEST_PATH}/apps
	296	mkdir -p ${D}${PTEST_PATH}/util
	297	install util/opensslwrap.sh ${D}${PTEST_PATH}/util
	298	install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
	299	# Time stamps are relevant for "make alltests", otherwise
	300	# make may try to recompile binaries. Not only must the
	301	# binary files be newer than the sources, they also must
	302	# be more recent than the header files in /usr/include.
	303	#
	304	# Using "cp -a" is not sufficient, because do_install
	305	# does not preserve the original time stamps.
	306	#
	307	# So instead of using the original file stamps, we set
	308	# the current time for all files. Binaries will get
	309	# modified again later when stripping them, but that's okay.
	310	touch ${D}${PTEST_PATH}
	311	find ${D}${PTEST_PATH} -type f -print0 \| xargs --verbose -0 touch -r ${D}${PTEST_PATH}
	312
	313	# exclude binary files or the package won't install
	314	for d in ssltest_old v3ext x509aux; do
	315	rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
	316	done
	317
	318	# Remove build host references
	319	sed -i \
	320	-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
	321	-e 's\|${DEBUG_PREFIX_MAP}\|\|g' \
	322	${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
	323	}
	324
	325	# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
	326	# package RRECOMMENDS on this package. This will enable the configuration
	327	# file to be installed for both the base openssl package and the libcrypto
	328	# package since the base openssl package depends on the libcrypto package.
	329
	330	PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
	331
	332	FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
	333	FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
	334	FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
	335	FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
	336	FILES_${PN}-misc = "${libdir}/ssl/misc"
	337	FILES_${PN} =+ "${libdir}/ssl/*"
	338	FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
	339
	340	CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
	341
	342	RRECOMMENDS_libcrypto10 += "openssl10-conf"
	343	RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
	344	RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
	345
	346	BBCLASSEXTEND = "native nativesdk"
	347	PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
	348
	349	# openssl 1.0 development files and executable binaries clash with openssl 1.1
	350	# files when installed into target rootfs. So we don't put them into
	351	# packages, but they continue to be provided via target sysroot for
	352	# cross-compilation on the host, if some software still depends on openssl 1.0.
	353	openssl_package_preprocess () {
	354	for file in `find ${PKGD} -name .h -o -name .pc -o -name *.so`; do
	355	rm $file
	356	done
	357	rm ${PKGD}${bindir}/openssl
	358	rm ${PKGD}${bindir}/c_rehash
	359	rmdir ${PKGD}${bindir}
	360
	361	}