openssl10: Upgrade 1.0.2q -> 1.0.2r

(From OE-Core rev: 31b0f25026145b81aca2b58aada2dbc7c8b0e420) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Otavio Salvador <otavio@ossystems.com.br> 2019-03-19 13:36:52 -0300
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-03-19 23:50:41 +0000
commit: 34fa190d957f19f69ede7af68f75e3beef3fc96a (patch)
tree: 54448a0cf8111fa782d94078df6740cbda058439 /meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
parent: c9f2260820bc2e3443e3d36931d5ec9f9d739c6c (diff)
download: poky-34fa190d957f19f69ede7af68f75e3beef3fc96a.tar.gz
1 files changed, 360 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
new file mode 100644
index 0000000000..87df4f517a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
@@ -0,0 +1,360 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
+DEPENDS = "hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+           file://run-ptest \
+           file://openssl-c_rehash.sh \
+           file://configure-targets.patch \
+           file://shared-libs.patch \
+           file://oe-ldflags.patch \
+           file://engines-install-in-libdir-ssl.patch \
+           file://debian1.0.2/block_diginotar.patch \
+           file://debian1.0.2/block_digicert_malaysia.patch \
+           file://debian/c_rehash-compat.patch \
+           file://debian/debian-targets.patch \
+           file://debian/man-dir.patch \
+           file://debian/man-section.patch \
+           file://debian/no-rpath.patch \
+           file://debian/no-symbolic.patch \
+           file://debian/pic.patch \
+           file://debian1.0.2/version-script.patch \
+           file://debian1.0.2/soname.patch \
+           file://openssl_fix_for_x32.patch \
+           file://openssl-fix-des.pod-error.patch \
+           file://Makefiles-ptest.patch \
+           file://ptest-deps.patch \
+           file://ptest_makefile_deps.patch \
+           file://configure-musl-target.patch \
+           file://parallel.patch \
+           file://Use-SHA256-not-MD5-as-default-digest.patch \
+           file://0001-Fix-build-with-clang-using-external-assembler.patch \
+           file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+           file://0001-allow-manpages-to-be-disabled.patch \
+           file://0001-Fix-BN_LLONG-breakage.patch \
+           file://0001-Fix-DES_LONG-breakage.patch \
+           "
+SRC_URI_append_class-target = " \
+           file://reproducible-cflags.patch \
+           file://reproducible-mkbuildinf.patch \
+           "
+SRC_URI_append_class-nativesdk = " \
+           file://environment.d-openssl.sh \
+           "
+SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
+SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
+S = "${WORKDIR}/openssl-${PV}"
+UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
+inherit pkgconfig siteinfo multilib_header ptest manpages
+PACKAGECONFIG ?= "cryptodev-linux"
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
+PACKAGECONFIG[manpages] = ",,,"
+PACKAGECONFIG[perl] = ",,,"
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = "no-ssl3"
+EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
+export OE_LDFLAGS = "${LDFLAGS}"
+TERMIO ?= "-DTERMIO"
+TERMIO_libc-musl = "-DTERMIOS"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+         ${TERMIO} ${CFLAGS} -Wall"
+# Avoid binaries being marked as requiring an executable stack since they don't
+# (and it causes issues with SELinux)
+CFLAG += "-Wa,--noexecstack"
+CFLAG_append_class-native = " -fPIC"
+do_configure () {
+        # The crypto_use_bigint patch means that perl's bignum module needs to be
+        # installed, but some distributions (for example Fedora 23) don't ship it by
+        # default.  As the resulting error is very misleading check for bignum before
+        # building.
+        if ! perl -Mbigint -e true; then
+                bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+        fi
+        ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+        os=${HOST_OS}
+        case $os in
+        linux-gnueabi |\
+        linux-gnuspe |\
+        linux-musleabi |\
+        linux-muslspe |\
+        linux-musl )
+                os=linux
+                ;;
+        *)
+                ;;
+        esac
+        target="$os-${HOST_ARCH}"
+        case $target in
+        linux-arm)
+                target=linux-armv4
+                ;;
+        linux-armeb)
+                target=linux-elf-armeb
+                ;;
+        linux-aarch64*)
+                target=linux-aarch64
+                ;;
+        linux-sh3)
+                target=debian-sh3
+                ;;
+        linux-sh4)
+                target=debian-sh4
+                ;;
+        linux-i486)
+                target=debian-i386-i486
+                ;;
+        linux-i586 | linux-viac3)
+                target=debian-i386-i586
+                ;;
+        linux-i686)
+                target=debian-i386-i686/cmov
+                ;;
+        linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+                target=linux-x32
+                ;;
+        linux-gnu64-x86_64)
+                target=linux-x86_64
+                ;;
+        linux-gnun32-mips*el)
+                target=debian-mipsn32el
+                ;;
+        linux-gnun32-mips*)
+                target=debian-mipsn32
+                ;;
+        linux-mips*64*el)
+                target=debian-mips64el
+                ;;
+        linux-mips*64*)
+                target=debian-mips64
+                ;;
+        linux-mips*el)
+                target=debian-mipsel
+                ;;
+        linux-mips*)
+                target=debian-mips
+                ;;
+        linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
+                target=linux-generic32
+                ;;
+        linux-powerpc)
+                target=linux-ppc
+                ;;
+        linux-powerpc64)
+                target=linux-ppc64
+                ;;
+        linux-riscv32)
+                target=linux-generic32
+                ;;
+        linux-riscv64)
+                target=linux-generic64
+                ;;
+        linux-sparc | linux-supersparc)
+                target=linux-sparcv8
+                ;;
+        esac
+        # inject machine-specific flags
+        sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+        useprefix=${prefix}
+        if [ "x$useprefix" = "x" ]; then
+                useprefix=/
+        fi
+        libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
+        perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
+}
+do_compile () {
+        oe_runmake depend
+        oe_runmake
+}
+do_compile_class-target () {
+        sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+        oe_runmake depend
+        cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
+        oe_runmake CC_INFO="$cc_sanitized"
+}
+do_compile_ptest () {
+        oe_runmake buildtest
+}
+do_install () {
+        # Create ${D}/${prefix} to fix parallel issues
+        mkdir -p ${D}/${prefix}/
+        oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
+        oe_libinstall -so libcrypto ${D}${libdir}
+        oe_libinstall -so libssl ${D}${libdir}
+        install -d ${D}${includedir}
+        cp --dereference -R include/openssl ${D}${includedir}
+        oe_multilib_header openssl/opensslconf.h
+        install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+        sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+        if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+        else
+                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+        fi
+        # Create SSL structure for packages such as ca-certificates which
+        # contain hard-coded paths to /etc/ssl. Debian does the same.
+        install -d ${D}${sysconfdir}/ssl
+        mv ${D}${libdir}/ssl/certs \
+           ${D}${libdir}/ssl/private \
+           ${D}${libdir}/ssl/openssl.cnf \
+           ${D}${sysconfdir}/ssl/
+        # Although absolute symlinks would be OK for the target, they become
+        # invalid if native or nativesdk are relocated from sstate.
+        ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
+        ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
+        ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
+        # Rename man pages to prefix openssl10-*
+        for f in `find ${D}${mandir} -type f`; do
+            mv $f $(dirname $f)/openssl10-$(basename $f)
+        done
+        for f in `find ${D}${mandir} -type l`; do
+            ln_f=`readlink $f`
+            rm -f $f
+            ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
+        done
+}
+do_install_append_class-native () {
+        create_wrapper ${D}${bindir}/openssl \
+            OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+            SSL_CERT_DIR=${libdir}/ssl/certs \
+            SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+            OPENSSL_ENGINES=${libdir}/ssl/engines
+}
+do_install_append_class-nativesdk () {
+        mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+        install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+do_install_ptest () {
+        cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+        # Replace the path to native perl with the path to target perl
+        sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
+        cp Configure config e_os.h ${D}${PTEST_PATH}
+        cp -r -L include ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/crypto
+        cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+        cp -r certs ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/apps
+        ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+        ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
+        cp apps/server.pem              ${D}${PTEST_PATH}/apps
+        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+        mkdir -p ${D}${PTEST_PATH}/util
+        install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+        install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+        # Time stamps are relevant for "make alltests", otherwise
+        # make may try to recompile binaries. Not only must the
+        # binary files be newer than the sources, they also must
+        # be more recent than the header files in /usr/include.
+        #
+        # Using "cp -a" is not sufficient, because do_install
+        # does not preserve the original time stamps.
+        #
+        # So instead of using the original file stamps, we set
+        # the current time for all files. Binaries will get
+        # modified again later when stripping them, but that's okay.
+        touch ${D}${PTEST_PATH}
+        find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
+        # exclude binary files or the package won't install
+        for d in ssltest_old v3ext x509aux; do
+                rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
+        done
+        # Remove build host references
+        sed -i \
+        -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+        -e 's|${DEBUG_PREFIX_MAP}||g' \
+        ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
+}
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
+FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
+FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
+FILES_${PN} =+ "${libdir}/ssl/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto10 += "openssl10-conf"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+BBCLASSEXTEND = "native nativesdk"
+PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
+# openssl 1.0 development files and executable binaries clash with openssl 1.1
+# files when installed into target rootfs. So we don't put them into
+# packages, but they continue to be provided via target sysroot for
+# cross-compilation on the host, if some software still depends on openssl 1.0.
+openssl_package_preprocess () {
+        for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
+                rm $file
+        done
+        rm ${PKGD}${bindir}/openssl
+        rm ${PKGD}${bindir}/c_rehash
+        rmdir ${PKGD}${bindir}
+}
author	Otavio Salvador <otavio@ossystems.com.br>	2019-03-19 13:36:52 -0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-03-19 23:50:41 +0000
commit	34fa190d957f19f69ede7af68f75e3beef3fc96a (patch)
tree	54448a0cf8111fa782d94078df6740cbda058439 /meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
parent	c9f2260820bc2e3443e3d36931d5ec9f9d739c6c (diff)
download	poky-34fa190d957f19f69ede7af68f75e3beef3fc96a.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb new file mode 100644 index 0000000000..87df4f517a --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
@@ -0,0 +1,360 @@
	1	SUMMARY = "Secure Socket Layer"
	2	DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
	3	HOMEPAGE = "http://www.openssl.org/"
	4	BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
	5	SECTION = "libs/network"
	6
	7	# "openssl \| SSLeay" dual license
	8	LICENSE = "openssl"
	9	LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
	10
	11	DEPENDS = "hostperl-runtime-native"
	12	DEPENDS_append_class-target = " openssl-native"
	13
	14	SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
	15	file://run-ptest \
	16	file://openssl-c_rehash.sh \
	17	file://configure-targets.patch \
	18	file://shared-libs.patch \
	19	file://oe-ldflags.patch \
	20	file://engines-install-in-libdir-ssl.patch \
	21	file://debian1.0.2/block_diginotar.patch \
	22	file://debian1.0.2/block_digicert_malaysia.patch \
	23	file://debian/c_rehash-compat.patch \
	24	file://debian/debian-targets.patch \
	25	file://debian/man-dir.patch \
	26	file://debian/man-section.patch \
	27	file://debian/no-rpath.patch \
	28	file://debian/no-symbolic.patch \
	29	file://debian/pic.patch \
	30	file://debian1.0.2/version-script.patch \
	31	file://debian1.0.2/soname.patch \
	32	file://openssl_fix_for_x32.patch \
	33	file://openssl-fix-des.pod-error.patch \
	34	file://Makefiles-ptest.patch \
	35	file://ptest-deps.patch \
	36	file://ptest_makefile_deps.patch \
	37	file://configure-musl-target.patch \
	38	file://parallel.patch \
	39	file://Use-SHA256-not-MD5-as-default-digest.patch \
	40	file://0001-Fix-build-with-clang-using-external-assembler.patch \
	41	file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
	42	file://0001-allow-manpages-to-be-disabled.patch \
	43	file://0001-Fix-BN_LLONG-breakage.patch \
	44	file://0001-Fix-DES_LONG-breakage.patch \
	45	"
	46
	47	SRC_URI_append_class-target = " \
	48	file://reproducible-cflags.patch \
	49	file://reproducible-mkbuildinf.patch \
	50	"
	51
	52	SRC_URI_append_class-nativesdk = " \
	53	file://environment.d-openssl.sh \
	54	"
	55
	56	SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
	57	SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
	58
	59	S = "${WORKDIR}/openssl-${PV}"
	60
	61	UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
	62
	63	inherit pkgconfig siteinfo multilib_header ptest manpages
	64
	65	PACKAGECONFIG ?= "cryptodev-linux"
	66	PACKAGECONFIG_class-native = ""
	67	PACKAGECONFIG_class-nativesdk = ""
	68
	69	PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
	70	PACKAGECONFIG[manpages] = ",,,"
	71	PACKAGECONFIG[perl] = ",,,"
	72
	73	# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
	74	# vulnerability
	75	EXTRA_OECONF = "no-ssl3"
	76
	77	EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
	78
	79	export OE_LDFLAGS = "${LDFLAGS}"
	80
	81	TERMIO ?= "-DTERMIO"
	82	TERMIO_libc-musl = "-DTERMIOS"
	83	EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
	84
	85	CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
	86	${TERMIO} ${CFLAGS} -Wall"
	87
	88	# Avoid binaries being marked as requiring an executable stack since they don't
	89	# (and it causes issues with SELinux)
	90	CFLAG += "-Wa,--noexecstack"
	91
	92	CFLAG_append_class-native = " -fPIC"
	93
	94	do_configure () {
	95	# The crypto_use_bigint patch means that perl's bignum module needs to be
	96	# installed, but some distributions (for example Fedora 23) don't ship it by
	97	# default. As the resulting error is very misleading check for bignum before
	98	# building.
	99	if ! perl -Mbigint -e true; then
	100	bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
	101	fi
	102
	103	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
	104
	105	os=${HOST_OS}
	106	case $os in
	107	linux-gnueabi \|\
	108	linux-gnuspe \|\
	109	linux-musleabi \|\
	110	linux-muslspe \|\
	111	linux-musl )
	112	os=linux
	113	;;
	114	*)
	115	;;
	116	esac
	117	target="$os-${HOST_ARCH}"
	118	case $target in
	119	linux-arm)
	120	target=linux-armv4
	121	;;
	122	linux-armeb)
	123	target=linux-elf-armeb
	124	;;
	125	linux-aarch64*)
	126	target=linux-aarch64
	127	;;
	128	linux-sh3)
	129	target=debian-sh3
	130	;;
	131	linux-sh4)
	132	target=debian-sh4
	133	;;
	134	linux-i486)
	135	target=debian-i386-i486
	136	;;
	137	linux-i586 \| linux-viac3)
	138	target=debian-i386-i586
	139	;;
	140	linux-i686)
	141	target=debian-i386-i686/cmov
	142	;;
	143	linux-gnux32-x86_64 \| linux-muslx32-x86_64 )
	144	target=linux-x32
	145	;;
	146	linux-gnu64-x86_64)
	147	target=linux-x86_64
	148	;;
	149	linux-gnun32-mips*el)
	150	target=debian-mipsn32el
	151	;;
	152	linux-gnun32-mips*)
	153	target=debian-mipsn32
	154	;;
	155	linux-mips64el)
	156	target=debian-mips64el
	157	;;
	158	linux-mips64)
	159	target=debian-mips64
	160	;;
	161	linux-mips*el)
	162	target=debian-mipsel
	163	;;
	164	linux-mips*)
	165	target=debian-mips
	166	;;
	167	linux-microblaze* \| linux-nios2* \| linux-gnuilp32* \| linux-arc*)
	168	target=linux-generic32
	169	;;
	170	linux-powerpc)
	171	target=linux-ppc
	172	;;
	173	linux-powerpc64)
	174	target=linux-ppc64
	175	;;
	176	linux-riscv32)
	177	target=linux-generic32
	178	;;
	179	linux-riscv64)
	180	target=linux-generic64
	181	;;
	182	linux-sparc \| linux-supersparc)
	183	target=linux-sparcv8
	184	;;
	185	esac
	186
	187	# inject machine-specific flags
	188	sed -i -e "s\|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)\|\1:${CFLAG}\|g" Configure
	189
	190	useprefix=${prefix}
	191	if [ "x$useprefix" = "x" ]; then
	192	useprefix=/
	193	fi
	194	libdirleaf="$( echo "${libdir}" \| sed "s:^$useprefix/*::" )"
	195	perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
	196	}
	197
	198	do_compile () {
	199	oe_runmake depend
	200	oe_runmake
	201	}
	202
	203	do_compile_class-target () {
	204	sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
	205	oe_runmake depend
	206	cc_sanitized=$(echo "${CC} ${CFLAG}" \| sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's\|${DEBUG_PREFIX_MAP}\|\|g' -e 's/[ \t]\+/ /g')
	207	oe_runmake CC_INFO="$cc_sanitized"
	208	}
	209
	210	do_compile_ptest () {
	211	oe_runmake buildtest
	212	}
	213
	214	do_install () {
	215	# Create ${D}/${prefix} to fix parallel issues
	216	mkdir -p ${D}/${prefix}/
	217
	218	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
	219
	220	oe_libinstall -so libcrypto ${D}${libdir}
	221	oe_libinstall -so libssl ${D}${libdir}
	222
	223	install -d ${D}${includedir}
	224	cp --dereference -R include/openssl ${D}${includedir}
	225
	226	oe_multilib_header openssl/opensslconf.h
	227
	228	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
	229	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
	230
	231	if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
	232	sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
	233	sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
	234	else
	235	rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
	236	fi
	237
	238	# Create SSL structure for packages such as ca-certificates which
	239	# contain hard-coded paths to /etc/ssl. Debian does the same.
	240	install -d ${D}${sysconfdir}/ssl
	241	mv ${D}${libdir}/ssl/certs \
	242	${D}${libdir}/ssl/private \
	243	${D}${libdir}/ssl/openssl.cnf \
	244	${D}${sysconfdir}/ssl/
	245
	246	# Although absolute symlinks would be OK for the target, they become
	247	# invalid if native or nativesdk are relocated from sstate.
	248	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
	249	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
	250	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
	251
	252	# Rename man pages to prefix openssl10-*
	253	for f in `find ${D}${mandir} -type f`; do
	254	mv $f $(dirname $f)/openssl10-$(basename $f)
	255	done
	256	for f in `find ${D}${mandir} -type l`; do
	257	ln_f=`readlink $f`
	258	rm -f $f
	259	ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
	260	done
	261	}
	262
	263	do_install_append_class-native () {
	264	create_wrapper ${D}${bindir}/openssl \
	265	OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
	266	SSL_CERT_DIR=${libdir}/ssl/certs \
	267	SSL_CERT_FILE=${libdir}/ssl/cert.pem \
	268	OPENSSL_ENGINES=${libdir}/ssl/engines
	269	}
	270
	271	do_install_append_class-nativesdk () {
	272	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
	273	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
	274	}
	275
	276	do_install_ptest () {
	277	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
	278
	279	# Replace the path to native perl with the path to target perl
	280	sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
	281
	282	cp Configure config e_os.h ${D}${PTEST_PATH}
	283	cp -r -L include ${D}${PTEST_PATH}
	284	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
	285	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
	286	mkdir -p ${D}${PTEST_PATH}/crypto
	287	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
	288	cp -r certs ${D}${PTEST_PATH}
	289	mkdir -p ${D}${PTEST_PATH}/apps
	290	ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
	291	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
	292	ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
	293	cp apps/server.pem ${D}${PTEST_PATH}/apps
	294	cp apps/server2.pem ${D}${PTEST_PATH}/apps
	295	mkdir -p ${D}${PTEST_PATH}/util
	296	install util/opensslwrap.sh ${D}${PTEST_PATH}/util
	297	install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
	298	# Time stamps are relevant for "make alltests", otherwise
	299	# make may try to recompile binaries. Not only must the
	300	# binary files be newer than the sources, they also must
	301	# be more recent than the header files in /usr/include.
	302	#
	303	# Using "cp -a" is not sufficient, because do_install
	304	# does not preserve the original time stamps.
	305	#
	306	# So instead of using the original file stamps, we set
	307	# the current time for all files. Binaries will get
	308	# modified again later when stripping them, but that's okay.
	309	touch ${D}${PTEST_PATH}
	310	find ${D}${PTEST_PATH} -type f -print0 \| xargs --verbose -0 touch -r ${D}${PTEST_PATH}
	311
	312	# exclude binary files or the package won't install
	313	for d in ssltest_old v3ext x509aux; do
	314	rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
	315	done
	316
	317	# Remove build host references
	318	sed -i \
	319	-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
	320	-e 's\|${DEBUG_PREFIX_MAP}\|\|g' \
	321	${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
	322	}
	323
	324	# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
	325	# package RRECOMMENDS on this package. This will enable the configuration
	326	# file to be installed for both the base openssl package and the libcrypto
	327	# package since the base openssl package depends on the libcrypto package.
	328
	329	PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
	330
	331	FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
	332	FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
	333	FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
	334	FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
	335	FILES_${PN}-misc = "${libdir}/ssl/misc"
	336	FILES_${PN} =+ "${libdir}/ssl/*"
	337	FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
	338
	339	CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
	340
	341	RRECOMMENDS_libcrypto10 += "openssl10-conf"
	342	RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
	343	RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
	344
	345	BBCLASSEXTEND = "native nativesdk"
	346	PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
	347
	348	# openssl 1.0 development files and executable binaries clash with openssl 1.1
	349	# files when installed into target rootfs. So we don't put them into
	350	# packages, but they continue to be provided via target sysroot for
	351	# cross-compilation on the host, if some software still depends on openssl 1.0.
	352	openssl_package_preprocess () {
	353	for file in `find ${PKGD} -name .h -o -name .pc -o -name *.so`; do
	354	rm $file
	355	done
	356	rm ${PKGD}${bindir}/openssl
	357	rm ${PKGD}${bindir}/c_rehash
	358	rmdir ${PKGD}${bindir}
	359
	360	}