summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
diff options
context:
space:
mode:
authorOtavio Salvador <otavio@ossystems.com.br>2019-03-19 13:36:52 -0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-03-19 23:50:41 +0000
commit34fa190d957f19f69ede7af68f75e3beef3fc96a (patch)
tree54448a0cf8111fa782d94078df6740cbda058439 /meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
parentc9f2260820bc2e3443e3d36931d5ec9f9d739c6c (diff)
downloadpoky-34fa190d957f19f69ede7af68f75e3beef3fc96a.tar.gz
openssl10: Upgrade 1.0.2q -> 1.0.2r
(From OE-Core rev: 31b0f25026145b81aca2b58aada2dbc7c8b0e420) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb')
-rw-r--r--meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb360
1 files changed, 360 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
new file mode 100644
index 0000000000..87df4f517a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
@@ -0,0 +1,360 @@
1SUMMARY = "Secure Socket Layer"
2DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network"
6
7# "openssl | SSLeay" dual license
8LICENSE = "openssl"
9LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
10
11DEPENDS = "hostperl-runtime-native"
12DEPENDS_append_class-target = " openssl-native"
13
14SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
15 file://run-ptest \
16 file://openssl-c_rehash.sh \
17 file://configure-targets.patch \
18 file://shared-libs.patch \
19 file://oe-ldflags.patch \
20 file://engines-install-in-libdir-ssl.patch \
21 file://debian1.0.2/block_diginotar.patch \
22 file://debian1.0.2/block_digicert_malaysia.patch \
23 file://debian/c_rehash-compat.patch \
24 file://debian/debian-targets.patch \
25 file://debian/man-dir.patch \
26 file://debian/man-section.patch \
27 file://debian/no-rpath.patch \
28 file://debian/no-symbolic.patch \
29 file://debian/pic.patch \
30 file://debian1.0.2/version-script.patch \
31 file://debian1.0.2/soname.patch \
32 file://openssl_fix_for_x32.patch \
33 file://openssl-fix-des.pod-error.patch \
34 file://Makefiles-ptest.patch \
35 file://ptest-deps.patch \
36 file://ptest_makefile_deps.patch \
37 file://configure-musl-target.patch \
38 file://parallel.patch \
39 file://Use-SHA256-not-MD5-as-default-digest.patch \
40 file://0001-Fix-build-with-clang-using-external-assembler.patch \
41 file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
42 file://0001-allow-manpages-to-be-disabled.patch \
43 file://0001-Fix-BN_LLONG-breakage.patch \
44 file://0001-Fix-DES_LONG-breakage.patch \
45 "
46
47SRC_URI_append_class-target = " \
48 file://reproducible-cflags.patch \
49 file://reproducible-mkbuildinf.patch \
50 "
51
52SRC_URI_append_class-nativesdk = " \
53 file://environment.d-openssl.sh \
54 "
55
56SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
57SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
58
59S = "${WORKDIR}/openssl-${PV}"
60
61UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
62
63inherit pkgconfig siteinfo multilib_header ptest manpages
64
65PACKAGECONFIG ?= "cryptodev-linux"
66PACKAGECONFIG_class-native = ""
67PACKAGECONFIG_class-nativesdk = ""
68
69PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
70PACKAGECONFIG[manpages] = ",,,"
71PACKAGECONFIG[perl] = ",,,"
72
73# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
74# vulnerability
75EXTRA_OECONF = "no-ssl3"
76
77EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
78
79export OE_LDFLAGS = "${LDFLAGS}"
80
81TERMIO ?= "-DTERMIO"
82TERMIO_libc-musl = "-DTERMIOS"
83EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
84
85CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
86 ${TERMIO} ${CFLAGS} -Wall"
87
88# Avoid binaries being marked as requiring an executable stack since they don't
89# (and it causes issues with SELinux)
90CFLAG += "-Wa,--noexecstack"
91
92CFLAG_append_class-native = " -fPIC"
93
94do_configure () {
95 # The crypto_use_bigint patch means that perl's bignum module needs to be
96 # installed, but some distributions (for example Fedora 23) don't ship it by
97 # default. As the resulting error is very misleading check for bignum before
98 # building.
99 if ! perl -Mbigint -e true; then
100 bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
101 fi
102
103 ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
104
105 os=${HOST_OS}
106 case $os in
107 linux-gnueabi |\
108 linux-gnuspe |\
109 linux-musleabi |\
110 linux-muslspe |\
111 linux-musl )
112 os=linux
113 ;;
114 *)
115 ;;
116 esac
117 target="$os-${HOST_ARCH}"
118 case $target in
119 linux-arm)
120 target=linux-armv4
121 ;;
122 linux-armeb)
123 target=linux-elf-armeb
124 ;;
125 linux-aarch64*)
126 target=linux-aarch64
127 ;;
128 linux-sh3)
129 target=debian-sh3
130 ;;
131 linux-sh4)
132 target=debian-sh4
133 ;;
134 linux-i486)
135 target=debian-i386-i486
136 ;;
137 linux-i586 | linux-viac3)
138 target=debian-i386-i586
139 ;;
140 linux-i686)
141 target=debian-i386-i686/cmov
142 ;;
143 linux-gnux32-x86_64 | linux-muslx32-x86_64 )
144 target=linux-x32
145 ;;
146 linux-gnu64-x86_64)
147 target=linux-x86_64
148 ;;
149 linux-gnun32-mips*el)
150 target=debian-mipsn32el
151 ;;
152 linux-gnun32-mips*)
153 target=debian-mipsn32
154 ;;
155 linux-mips*64*el)
156 target=debian-mips64el
157 ;;
158 linux-mips*64*)
159 target=debian-mips64
160 ;;
161 linux-mips*el)
162 target=debian-mipsel
163 ;;
164 linux-mips*)
165 target=debian-mips
166 ;;
167 linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
168 target=linux-generic32
169 ;;
170 linux-powerpc)
171 target=linux-ppc
172 ;;
173 linux-powerpc64)
174 target=linux-ppc64
175 ;;
176 linux-riscv32)
177 target=linux-generic32
178 ;;
179 linux-riscv64)
180 target=linux-generic64
181 ;;
182 linux-sparc | linux-supersparc)
183 target=linux-sparcv8
184 ;;
185 esac
186
187 # inject machine-specific flags
188 sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
189
190 useprefix=${prefix}
191 if [ "x$useprefix" = "x" ]; then
192 useprefix=/
193 fi
194 libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
195 perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
196}
197
198do_compile () {
199 oe_runmake depend
200 oe_runmake
201}
202
203do_compile_class-target () {
204 sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
205 oe_runmake depend
206 cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
207 oe_runmake CC_INFO="$cc_sanitized"
208}
209
210do_compile_ptest () {
211 oe_runmake buildtest
212}
213
214do_install () {
215 # Create ${D}/${prefix} to fix parallel issues
216 mkdir -p ${D}/${prefix}/
217
218 oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
219
220 oe_libinstall -so libcrypto ${D}${libdir}
221 oe_libinstall -so libssl ${D}${libdir}
222
223 install -d ${D}${includedir}
224 cp --dereference -R include/openssl ${D}${includedir}
225
226 oe_multilib_header openssl/opensslconf.h
227
228 install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
229 sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
230
231 if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
232 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
233 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
234 else
235 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
236 fi
237
238 # Create SSL structure for packages such as ca-certificates which
239 # contain hard-coded paths to /etc/ssl. Debian does the same.
240 install -d ${D}${sysconfdir}/ssl
241 mv ${D}${libdir}/ssl/certs \
242 ${D}${libdir}/ssl/private \
243 ${D}${libdir}/ssl/openssl.cnf \
244 ${D}${sysconfdir}/ssl/
245
246 # Although absolute symlinks would be OK for the target, they become
247 # invalid if native or nativesdk are relocated from sstate.
248 ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
249 ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
250 ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
251
252 # Rename man pages to prefix openssl10-*
253 for f in `find ${D}${mandir} -type f`; do
254 mv $f $(dirname $f)/openssl10-$(basename $f)
255 done
256 for f in `find ${D}${mandir} -type l`; do
257 ln_f=`readlink $f`
258 rm -f $f
259 ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
260 done
261}
262
263do_install_append_class-native () {
264 create_wrapper ${D}${bindir}/openssl \
265 OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
266 SSL_CERT_DIR=${libdir}/ssl/certs \
267 SSL_CERT_FILE=${libdir}/ssl/cert.pem \
268 OPENSSL_ENGINES=${libdir}/ssl/engines
269}
270
271do_install_append_class-nativesdk () {
272 mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
273 install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
274}
275
276do_install_ptest () {
277 cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
278
279 # Replace the path to native perl with the path to target perl
280 sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
281
282 cp Configure config e_os.h ${D}${PTEST_PATH}
283 cp -r -L include ${D}${PTEST_PATH}
284 ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
285 ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
286 mkdir -p ${D}${PTEST_PATH}/crypto
287 cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
288 cp -r certs ${D}${PTEST_PATH}
289 mkdir -p ${D}${PTEST_PATH}/apps
290 ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
291 ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
292 ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
293 cp apps/server.pem ${D}${PTEST_PATH}/apps
294 cp apps/server2.pem ${D}${PTEST_PATH}/apps
295 mkdir -p ${D}${PTEST_PATH}/util
296 install util/opensslwrap.sh ${D}${PTEST_PATH}/util
297 install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
298 # Time stamps are relevant for "make alltests", otherwise
299 # make may try to recompile binaries. Not only must the
300 # binary files be newer than the sources, they also must
301 # be more recent than the header files in /usr/include.
302 #
303 # Using "cp -a" is not sufficient, because do_install
304 # does not preserve the original time stamps.
305 #
306 # So instead of using the original file stamps, we set
307 # the current time for all files. Binaries will get
308 # modified again later when stripping them, but that's okay.
309 touch ${D}${PTEST_PATH}
310 find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
311
312 # exclude binary files or the package won't install
313 for d in ssltest_old v3ext x509aux; do
314 rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
315 done
316
317 # Remove build host references
318 sed -i \
319 -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
320 -e 's|${DEBUG_PREFIX_MAP}||g' \
321 ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
322}
323
324# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
325# package RRECOMMENDS on this package. This will enable the configuration
326# file to be installed for both the base openssl package and the libcrypto
327# package since the base openssl package depends on the libcrypto package.
328
329PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
330
331FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
332FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
333FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
334FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
335FILES_${PN}-misc = "${libdir}/ssl/misc"
336FILES_${PN} =+ "${libdir}/ssl/*"
337FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
338
339CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
340
341RRECOMMENDS_libcrypto10 += "openssl10-conf"
342RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
343RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
344
345BBCLASSEXTEND = "native nativesdk"
346PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
347
348# openssl 1.0 development files and executable binaries clash with openssl 1.1
349# files when installed into target rootfs. So we don't put them into
350# packages, but they continue to be provided via target sysroot for
351# cross-compilation on the host, if some software still depends on openssl 1.0.
352openssl_package_preprocess () {
353 for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
354 rm $file
355 done
356 rm ${PKGD}${bindir}/openssl
357 rm ${PKGD}${bindir}/c_rehash
358 rmdir ${PKGD}${bindir}
359
360}