summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
diff options
context:
space:
mode:
authorAlexander Kanavin <alex.kanavin@gmail.com>2018-11-22 16:41:22 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-02-25 22:27:39 +0000
commitab1ba8137ded9f34b78976f6087f48142dee73e5 (patch)
tree9f591a5d89d0fc38c695a473a38d00dcfd543073 /meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
parent118407fb1e7011586905b59e9a1507a4e60bceab (diff)
downloadpoky-ab1ba8137ded9f34b78976f6087f48142dee73e5.tar.gz
openssl10: update to 1.0.2q
(From OE-Core rev: 03149ca307282c22dd9ceb6fe3224bf586b03f6d) (From OE-Core rev: 572865e0d0a61e2096083edc622366e4ac9a8ad0) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb')
-rw-r--r--meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb361
1 files changed, 361 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
new file mode 100644
index 0000000000..9d67053b7a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
@@ -0,0 +1,361 @@
1SUMMARY = "Secure Socket Layer"
2DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network"
6
7# "openssl | SSLeay" dual license
8LICENSE = "openssl"
9LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
10
11DEPENDS = "hostperl-runtime-native"
12DEPENDS_append_class-target = " openssl-native"
13
14SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
15 file://run-ptest \
16 file://openssl-c_rehash.sh \
17 file://configure-targets.patch \
18 file://shared-libs.patch \
19 file://oe-ldflags.patch \
20 file://engines-install-in-libdir-ssl.patch \
21 file://debian1.0.2/block_diginotar.patch \
22 file://debian1.0.2/block_digicert_malaysia.patch \
23 file://debian/c_rehash-compat.patch \
24 file://debian/debian-targets.patch \
25 file://debian/man-dir.patch \
26 file://debian/man-section.patch \
27 file://debian/no-rpath.patch \
28 file://debian/no-symbolic.patch \
29 file://debian/pic.patch \
30 file://debian1.0.2/version-script.patch \
31 file://debian1.0.2/soname.patch \
32 file://openssl_fix_for_x32.patch \
33 file://openssl-fix-des.pod-error.patch \
34 file://Makefiles-ptest.patch \
35 file://ptest-deps.patch \
36 file://ptest_makefile_deps.patch \
37 file://configure-musl-target.patch \
38 file://parallel.patch \
39 file://Use-SHA256-not-MD5-as-default-digest.patch \
40 file://0001-Fix-build-with-clang-using-external-assembler.patch \
41 file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
42 file://0001-allow-manpages-to-be-disabled.patch \
43 "
44
45SRC_URI_append_class-target = " \
46 file://reproducible-cflags.patch \
47 file://reproducible-mkbuildinf.patch \
48 "
49
50SRC_URI_append_class-nativesdk = " \
51 file://environment.d-openssl.sh \
52 "
53
54SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
55SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
56
57S = "${WORKDIR}/openssl-${PV}"
58
59UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
60
61inherit pkgconfig siteinfo multilib_header ptest manpages
62
63PACKAGECONFIG ?= "cryptodev-linux"
64PACKAGECONFIG_class-native = ""
65PACKAGECONFIG_class-nativesdk = ""
66
67PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
68PACKAGECONFIG[manpages] = ",,,"
69PACKAGECONFIG[perl] = ",,,"
70
71# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
72# vulnerability
73EXTRA_OECONF = "no-ssl3"
74
75EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
76
77export OE_LDFLAGS = "${LDFLAGS}"
78
79# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
80CCACHE = ""
81
82TERMIO ?= "-DTERMIO"
83TERMIO_libc-musl = "-DTERMIOS"
84EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
85
86CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
87 ${TERMIO} ${CFLAGS} -Wall"
88
89# Avoid binaries being marked as requiring an executable stack since they don't
90# (and it causes issues with SELinux)
91CFLAG += "-Wa,--noexecstack"
92
93CFLAG_append_class-native = " -fPIC"
94
95do_configure () {
96 # The crypto_use_bigint patch means that perl's bignum module needs to be
97 # installed, but some distributions (for example Fedora 23) don't ship it by
98 # default. As the resulting error is very misleading check for bignum before
99 # building.
100 if ! perl -Mbigint -e true; then
101 bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
102 fi
103
104 ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
105
106 os=${HOST_OS}
107 case $os in
108 linux-gnueabi |\
109 linux-gnuspe |\
110 linux-musleabi |\
111 linux-muslspe |\
112 linux-musl )
113 os=linux
114 ;;
115 *)
116 ;;
117 esac
118 target="$os-${HOST_ARCH}"
119 case $target in
120 linux-arm)
121 target=linux-armv4
122 ;;
123 linux-armeb)
124 target=linux-elf-armeb
125 ;;
126 linux-aarch64*)
127 target=linux-aarch64
128 ;;
129 linux-sh3)
130 target=debian-sh3
131 ;;
132 linux-sh4)
133 target=debian-sh4
134 ;;
135 linux-i486)
136 target=debian-i386-i486
137 ;;
138 linux-i586 | linux-viac3)
139 target=debian-i386-i586
140 ;;
141 linux-i686)
142 target=debian-i386-i686/cmov
143 ;;
144 linux-gnux32-x86_64 | linux-muslx32-x86_64 )
145 target=linux-x32
146 ;;
147 linux-gnu64-x86_64)
148 target=linux-x86_64
149 ;;
150 linux-gnun32-mips*el)
151 target=debian-mipsn32el
152 ;;
153 linux-gnun32-mips*)
154 target=debian-mipsn32
155 ;;
156 linux-mips*64*el)
157 target=debian-mips64el
158 ;;
159 linux-mips*64*)
160 target=debian-mips64
161 ;;
162 linux-mips*el)
163 target=debian-mipsel
164 ;;
165 linux-mips*)
166 target=debian-mips
167 ;;
168 linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
169 target=linux-generic32
170 ;;
171 linux-powerpc)
172 target=linux-ppc
173 ;;
174 linux-powerpc64)
175 target=linux-ppc64
176 ;;
177 linux-riscv32)
178 target=linux-generic32
179 ;;
180 linux-riscv64)
181 target=linux-generic64
182 ;;
183 linux-sparc | linux-supersparc)
184 target=linux-sparcv8
185 ;;
186 esac
187
188 # inject machine-specific flags
189 sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
190
191 useprefix=${prefix}
192 if [ "x$useprefix" = "x" ]; then
193 useprefix=/
194 fi
195 libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
196 perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
197}
198
199do_compile () {
200 oe_runmake depend
201 oe_runmake
202}
203
204do_compile_class-target () {
205 sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
206 oe_runmake depend
207 cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
208 oe_runmake CC_INFO="$cc_sanitized"
209}
210
211do_compile_ptest () {
212 oe_runmake buildtest
213}
214
215do_install () {
216 # Create ${D}/${prefix} to fix parallel issues
217 mkdir -p ${D}/${prefix}/
218
219 oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
220
221 oe_libinstall -so libcrypto ${D}${libdir}
222 oe_libinstall -so libssl ${D}${libdir}
223
224 install -d ${D}${includedir}
225 cp --dereference -R include/openssl ${D}${includedir}
226
227 oe_multilib_header openssl/opensslconf.h
228
229 install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
230 sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
231
232 if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
233 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
234 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
235 else
236 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
237 fi
238
239 # Create SSL structure for packages such as ca-certificates which
240 # contain hard-coded paths to /etc/ssl. Debian does the same.
241 install -d ${D}${sysconfdir}/ssl
242 mv ${D}${libdir}/ssl/certs \
243 ${D}${libdir}/ssl/private \
244 ${D}${libdir}/ssl/openssl.cnf \
245 ${D}${sysconfdir}/ssl/
246
247 # Although absolute symlinks would be OK for the target, they become
248 # invalid if native or nativesdk are relocated from sstate.
249 ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
250 ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
251 ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
252
253 # Rename man pages to prefix openssl10-*
254 for f in `find ${D}${mandir} -type f`; do
255 mv $f $(dirname $f)/openssl10-$(basename $f)
256 done
257 for f in `find ${D}${mandir} -type l`; do
258 ln_f=`readlink $f`
259 rm -f $f
260 ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
261 done
262}
263
264do_install_append_class-native () {
265 create_wrapper ${D}${bindir}/openssl \
266 OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
267 SSL_CERT_DIR=${libdir}/ssl/certs \
268 SSL_CERT_FILE=${libdir}/ssl/cert.pem \
269 OPENSSL_ENGINES=${libdir}/ssl/engines
270}
271
272do_install_append_class-nativesdk () {
273 mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
274 install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
275}
276
277do_install_ptest () {
278 cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
279
280 # Replace the path to native perl with the path to target perl
281 sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
282
283 cp Configure config e_os.h ${D}${PTEST_PATH}
284 cp -r -L include ${D}${PTEST_PATH}
285 ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
286 ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
287 mkdir -p ${D}${PTEST_PATH}/crypto
288 cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
289 cp -r certs ${D}${PTEST_PATH}
290 mkdir -p ${D}${PTEST_PATH}/apps
291 ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
292 ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
293 ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
294 cp apps/server.pem ${D}${PTEST_PATH}/apps
295 cp apps/server2.pem ${D}${PTEST_PATH}/apps
296 mkdir -p ${D}${PTEST_PATH}/util
297 install util/opensslwrap.sh ${D}${PTEST_PATH}/util
298 install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
299 # Time stamps are relevant for "make alltests", otherwise
300 # make may try to recompile binaries. Not only must the
301 # binary files be newer than the sources, they also must
302 # be more recent than the header files in /usr/include.
303 #
304 # Using "cp -a" is not sufficient, because do_install
305 # does not preserve the original time stamps.
306 #
307 # So instead of using the original file stamps, we set
308 # the current time for all files. Binaries will get
309 # modified again later when stripping them, but that's okay.
310 touch ${D}${PTEST_PATH}
311 find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
312
313 # exclude binary files or the package won't install
314 for d in ssltest_old v3ext x509aux; do
315 rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
316 done
317
318 # Remove build host references
319 sed -i \
320 -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
321 -e 's|${DEBUG_PREFIX_MAP}||g' \
322 ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
323}
324
325# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
326# package RRECOMMENDS on this package. This will enable the configuration
327# file to be installed for both the base openssl package and the libcrypto
328# package since the base openssl package depends on the libcrypto package.
329
330PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
331
332FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
333FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
334FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
335FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
336FILES_${PN}-misc = "${libdir}/ssl/misc"
337FILES_${PN} =+ "${libdir}/ssl/*"
338FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
339
340CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
341
342RRECOMMENDS_libcrypto10 += "openssl10-conf"
343RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
344RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
345
346BBCLASSEXTEND = "native nativesdk"
347PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
348
349# openssl 1.0 development files and executable binaries clash with openssl 1.1
350# files when installed into target rootfs. So we don't put them into
351# packages, but they continue to be provided via target sysroot for
352# cross-compilation on the host, if some software still depends on openssl 1.0.
353openssl_package_preprocess () {
354 for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
355 rm $file
356 done
357 rm ${PKGD}${bindir}/openssl
358 rm ${PKGD}${bindir}/c_rehash
359 rmdir ${PKGD}${bindir}
360
361}