diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb | 360 |
1 files changed, 0 insertions, 360 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb deleted file mode 100644 index 87df4f517a..0000000000 --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb +++ /dev/null | |||
@@ -1,360 +0,0 @@ | |||
1 | SUMMARY = "Secure Socket Layer" | ||
2 | DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools." | ||
3 | HOMEPAGE = "http://www.openssl.org/" | ||
4 | BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" | ||
5 | SECTION = "libs/network" | ||
6 | |||
7 | # "openssl | SSLeay" dual license | ||
8 | LICENSE = "openssl" | ||
9 | LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77" | ||
10 | |||
11 | DEPENDS = "hostperl-runtime-native" | ||
12 | DEPENDS_append_class-target = " openssl-native" | ||
13 | |||
14 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | ||
15 | file://run-ptest \ | ||
16 | file://openssl-c_rehash.sh \ | ||
17 | file://configure-targets.patch \ | ||
18 | file://shared-libs.patch \ | ||
19 | file://oe-ldflags.patch \ | ||
20 | file://engines-install-in-libdir-ssl.patch \ | ||
21 | file://debian1.0.2/block_diginotar.patch \ | ||
22 | file://debian1.0.2/block_digicert_malaysia.patch \ | ||
23 | file://debian/c_rehash-compat.patch \ | ||
24 | file://debian/debian-targets.patch \ | ||
25 | file://debian/man-dir.patch \ | ||
26 | file://debian/man-section.patch \ | ||
27 | file://debian/no-rpath.patch \ | ||
28 | file://debian/no-symbolic.patch \ | ||
29 | file://debian/pic.patch \ | ||
30 | file://debian1.0.2/version-script.patch \ | ||
31 | file://debian1.0.2/soname.patch \ | ||
32 | file://openssl_fix_for_x32.patch \ | ||
33 | file://openssl-fix-des.pod-error.patch \ | ||
34 | file://Makefiles-ptest.patch \ | ||
35 | file://ptest-deps.patch \ | ||
36 | file://ptest_makefile_deps.patch \ | ||
37 | file://configure-musl-target.patch \ | ||
38 | file://parallel.patch \ | ||
39 | file://Use-SHA256-not-MD5-as-default-digest.patch \ | ||
40 | file://0001-Fix-build-with-clang-using-external-assembler.patch \ | ||
41 | file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ | ||
42 | file://0001-allow-manpages-to-be-disabled.patch \ | ||
43 | file://0001-Fix-BN_LLONG-breakage.patch \ | ||
44 | file://0001-Fix-DES_LONG-breakage.patch \ | ||
45 | " | ||
46 | |||
47 | SRC_URI_append_class-target = " \ | ||
48 | file://reproducible-cflags.patch \ | ||
49 | file://reproducible-mkbuildinf.patch \ | ||
50 | " | ||
51 | |||
52 | SRC_URI_append_class-nativesdk = " \ | ||
53 | file://environment.d-openssl.sh \ | ||
54 | " | ||
55 | |||
56 | SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac" | ||
57 | SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6" | ||
58 | |||
59 | S = "${WORKDIR}/openssl-${PV}" | ||
60 | |||
61 | UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar" | ||
62 | |||
63 | inherit pkgconfig siteinfo multilib_header ptest manpages | ||
64 | |||
65 | PACKAGECONFIG ?= "cryptodev-linux" | ||
66 | PACKAGECONFIG_class-native = "" | ||
67 | PACKAGECONFIG_class-nativesdk = "" | ||
68 | |||
69 | PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux" | ||
70 | PACKAGECONFIG[manpages] = ",,," | ||
71 | PACKAGECONFIG[perl] = ",,," | ||
72 | |||
73 | # Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE | ||
74 | # vulnerability | ||
75 | EXTRA_OECONF = "no-ssl3" | ||
76 | |||
77 | EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}" | ||
78 | |||
79 | export OE_LDFLAGS = "${LDFLAGS}" | ||
80 | |||
81 | TERMIO ?= "-DTERMIO" | ||
82 | TERMIO_libc-musl = "-DTERMIOS" | ||
83 | EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" | ||
84 | |||
85 | CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ | ||
86 | ${TERMIO} ${CFLAGS} -Wall" | ||
87 | |||
88 | # Avoid binaries being marked as requiring an executable stack since they don't | ||
89 | # (and it causes issues with SELinux) | ||
90 | CFLAG += "-Wa,--noexecstack" | ||
91 | |||
92 | CFLAG_append_class-native = " -fPIC" | ||
93 | |||
94 | do_configure () { | ||
95 | # The crypto_use_bigint patch means that perl's bignum module needs to be | ||
96 | # installed, but some distributions (for example Fedora 23) don't ship it by | ||
97 | # default. As the resulting error is very misleading check for bignum before | ||
98 | # building. | ||
99 | if ! perl -Mbigint -e true; then | ||
100 | bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." | ||
101 | fi | ||
102 | |||
103 | ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/ | ||
104 | |||
105 | os=${HOST_OS} | ||
106 | case $os in | ||
107 | linux-gnueabi |\ | ||
108 | linux-gnuspe |\ | ||
109 | linux-musleabi |\ | ||
110 | linux-muslspe |\ | ||
111 | linux-musl ) | ||
112 | os=linux | ||
113 | ;; | ||
114 | *) | ||
115 | ;; | ||
116 | esac | ||
117 | target="$os-${HOST_ARCH}" | ||
118 | case $target in | ||
119 | linux-arm) | ||
120 | target=linux-armv4 | ||
121 | ;; | ||
122 | linux-armeb) | ||
123 | target=linux-elf-armeb | ||
124 | ;; | ||
125 | linux-aarch64*) | ||
126 | target=linux-aarch64 | ||
127 | ;; | ||
128 | linux-sh3) | ||
129 | target=debian-sh3 | ||
130 | ;; | ||
131 | linux-sh4) | ||
132 | target=debian-sh4 | ||
133 | ;; | ||
134 | linux-i486) | ||
135 | target=debian-i386-i486 | ||
136 | ;; | ||
137 | linux-i586 | linux-viac3) | ||
138 | target=debian-i386-i586 | ||
139 | ;; | ||
140 | linux-i686) | ||
141 | target=debian-i386-i686/cmov | ||
142 | ;; | ||
143 | linux-gnux32-x86_64 | linux-muslx32-x86_64 ) | ||
144 | target=linux-x32 | ||
145 | ;; | ||
146 | linux-gnu64-x86_64) | ||
147 | target=linux-x86_64 | ||
148 | ;; | ||
149 | linux-gnun32-mips*el) | ||
150 | target=debian-mipsn32el | ||
151 | ;; | ||
152 | linux-gnun32-mips*) | ||
153 | target=debian-mipsn32 | ||
154 | ;; | ||
155 | linux-mips*64*el) | ||
156 | target=debian-mips64el | ||
157 | ;; | ||
158 | linux-mips*64*) | ||
159 | target=debian-mips64 | ||
160 | ;; | ||
161 | linux-mips*el) | ||
162 | target=debian-mipsel | ||
163 | ;; | ||
164 | linux-mips*) | ||
165 | target=debian-mips | ||
166 | ;; | ||
167 | linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*) | ||
168 | target=linux-generic32 | ||
169 | ;; | ||
170 | linux-powerpc) | ||
171 | target=linux-ppc | ||
172 | ;; | ||
173 | linux-powerpc64) | ||
174 | target=linux-ppc64 | ||
175 | ;; | ||
176 | linux-riscv32) | ||
177 | target=linux-generic32 | ||
178 | ;; | ||
179 | linux-riscv64) | ||
180 | target=linux-generic64 | ||
181 | ;; | ||
182 | linux-sparc | linux-supersparc) | ||
183 | target=linux-sparcv8 | ||
184 | ;; | ||
185 | esac | ||
186 | |||
187 | # inject machine-specific flags | ||
188 | sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure | ||
189 | |||
190 | useprefix=${prefix} | ||
191 | if [ "x$useprefix" = "x" ]; then | ||
192 | useprefix=/ | ||
193 | fi | ||
194 | libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )" | ||
195 | perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target | ||
196 | } | ||
197 | |||
198 | do_compile () { | ||
199 | oe_runmake depend | ||
200 | oe_runmake | ||
201 | } | ||
202 | |||
203 | do_compile_class-target () { | ||
204 | sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile | ||
205 | oe_runmake depend | ||
206 | cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g') | ||
207 | oe_runmake CC_INFO="$cc_sanitized" | ||
208 | } | ||
209 | |||
210 | do_compile_ptest () { | ||
211 | oe_runmake buildtest | ||
212 | } | ||
213 | |||
214 | do_install () { | ||
215 | # Create ${D}/${prefix} to fix parallel issues | ||
216 | mkdir -p ${D}/${prefix}/ | ||
217 | |||
218 | oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install | ||
219 | |||
220 | oe_libinstall -so libcrypto ${D}${libdir} | ||
221 | oe_libinstall -so libssl ${D}${libdir} | ||
222 | |||
223 | install -d ${D}${includedir} | ||
224 | cp --dereference -R include/openssl ${D}${includedir} | ||
225 | |||
226 | oe_multilib_header openssl/opensslconf.h | ||
227 | |||
228 | install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash | ||
229 | sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash | ||
230 | |||
231 | if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then | ||
232 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl | ||
233 | sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget | ||
234 | else | ||
235 | rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget | ||
236 | fi | ||
237 | |||
238 | # Create SSL structure for packages such as ca-certificates which | ||
239 | # contain hard-coded paths to /etc/ssl. Debian does the same. | ||
240 | install -d ${D}${sysconfdir}/ssl | ||
241 | mv ${D}${libdir}/ssl/certs \ | ||
242 | ${D}${libdir}/ssl/private \ | ||
243 | ${D}${libdir}/ssl/openssl.cnf \ | ||
244 | ${D}${sysconfdir}/ssl/ | ||
245 | |||
246 | # Although absolute symlinks would be OK for the target, they become | ||
247 | # invalid if native or nativesdk are relocated from sstate. | ||
248 | ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs | ||
249 | ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private | ||
250 | ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf | ||
251 | |||
252 | # Rename man pages to prefix openssl10-* | ||
253 | for f in `find ${D}${mandir} -type f`; do | ||
254 | mv $f $(dirname $f)/openssl10-$(basename $f) | ||
255 | done | ||
256 | for f in `find ${D}${mandir} -type l`; do | ||
257 | ln_f=`readlink $f` | ||
258 | rm -f $f | ||
259 | ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f) | ||
260 | done | ||
261 | } | ||
262 | |||
263 | do_install_append_class-native () { | ||
264 | create_wrapper ${D}${bindir}/openssl \ | ||
265 | OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ | ||
266 | SSL_CERT_DIR=${libdir}/ssl/certs \ | ||
267 | SSL_CERT_FILE=${libdir}/ssl/cert.pem \ | ||
268 | OPENSSL_ENGINES=${libdir}/ssl/engines | ||
269 | } | ||
270 | |||
271 | do_install_append_class-nativesdk () { | ||
272 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d | ||
273 | install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | ||
274 | } | ||
275 | |||
276 | do_install_ptest () { | ||
277 | cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} | ||
278 | |||
279 | # Replace the path to native perl with the path to target perl | ||
280 | sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile | ||
281 | |||
282 | cp Configure config e_os.h ${D}${PTEST_PATH} | ||
283 | cp -r -L include ${D}${PTEST_PATH} | ||
284 | ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH} | ||
285 | ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} | ||
286 | mkdir -p ${D}${PTEST_PATH}/crypto | ||
287 | cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto | ||
288 | cp -r certs ${D}${PTEST_PATH} | ||
289 | mkdir -p ${D}${PTEST_PATH}/apps | ||
290 | ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps | ||
291 | ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps | ||
292 | ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps | ||
293 | cp apps/server.pem ${D}${PTEST_PATH}/apps | ||
294 | cp apps/server2.pem ${D}${PTEST_PATH}/apps | ||
295 | mkdir -p ${D}${PTEST_PATH}/util | ||
296 | install util/opensslwrap.sh ${D}${PTEST_PATH}/util | ||
297 | install util/shlib_wrap.sh ${D}${PTEST_PATH}/util | ||
298 | # Time stamps are relevant for "make alltests", otherwise | ||
299 | # make may try to recompile binaries. Not only must the | ||
300 | # binary files be newer than the sources, they also must | ||
301 | # be more recent than the header files in /usr/include. | ||
302 | # | ||
303 | # Using "cp -a" is not sufficient, because do_install | ||
304 | # does not preserve the original time stamps. | ||
305 | # | ||
306 | # So instead of using the original file stamps, we set | ||
307 | # the current time for all files. Binaries will get | ||
308 | # modified again later when stripping them, but that's okay. | ||
309 | touch ${D}${PTEST_PATH} | ||
310 | find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH} | ||
311 | |||
312 | # exclude binary files or the package won't install | ||
313 | for d in ssltest_old v3ext x509aux; do | ||
314 | rm -rf ${D}${libdir}/${BPN}/ptest/test/$d | ||
315 | done | ||
316 | |||
317 | # Remove build host references | ||
318 | sed -i \ | ||
319 | -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ | ||
320 | -e 's|${DEBUG_PREFIX_MAP}||g' \ | ||
321 | ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure | ||
322 | } | ||
323 | |||
324 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto | ||
325 | # package RRECOMMENDS on this package. This will enable the configuration | ||
326 | # file to be installed for both the base openssl package and the libcrypto | ||
327 | # package since the base openssl package depends on the libcrypto package. | ||
328 | |||
329 | PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc" | ||
330 | |||
331 | FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}" | ||
332 | FILES_libssl10 = "${libdir}/libssl${SOLIBS}" | ||
333 | FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" | ||
334 | FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" | ||
335 | FILES_${PN}-misc = "${libdir}/ssl/misc" | ||
336 | FILES_${PN} =+ "${libdir}/ssl/*" | ||
337 | FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" | ||
338 | |||
339 | CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf" | ||
340 | |||
341 | RRECOMMENDS_libcrypto10 += "openssl10-conf" | ||
342 | RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" | ||
343 | RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" | ||
344 | |||
345 | BBCLASSEXTEND = "native nativesdk" | ||
346 | PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess" | ||
347 | |||
348 | # openssl 1.0 development files and executable binaries clash with openssl 1.1 | ||
349 | # files when installed into target rootfs. So we don't put them into | ||
350 | # packages, but they continue to be provided via target sysroot for | ||
351 | # cross-compilation on the host, if some software still depends on openssl 1.0. | ||
352 | openssl_package_preprocess () { | ||
353 | for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do | ||
354 | rm $file | ||
355 | done | ||
356 | rm ${PKGD}${bindir}/openssl | ||
357 | rm ${PKGD}${bindir}/c_rehash | ||
358 | rmdir ${PKGD}${bindir} | ||
359 | |||
360 | } | ||