aboutsummaryrefslogblamecommitdiffstats
path: root/main/openssl/APKBUILD
blob: e06ddf42fe6a657aa270c714247b912cc970be68 (plain) (tree)
1
2
3
4
5
6
7
8
9
                                                        

                                            

                      
        
                                                    
                              
          
                    
                   
                        
                                
                                                  

                                                                        


                                                             
                                  
 
           


                     


                     



                      

                     

                     

                     



                     

                     
              


                     

                               







                                                                




                                                                                   
                                                      
                                                        
                                                          
                                                      

                                                                                                 
                                                           
                                                                                                        



                                                              
                                                              
 









                                                                                

                                       









                          

                         
                                     



                                          



            



                                                                          



                 




                                      




                               
              
                                             
                                                     
                                                      
                                      



                                                                      
                                                                   
                                                               

 
           








                                                                      
            

                                                                                                                                                      
 
# Contributor: Ariadne Conill <ariadne@dereferenced.org>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=3.0.0
_abiver=${pkgver%.*.*}
pkgrel=2
pkgdesc="Toolkit for Transport Layer Security (TLS)"
url="https://www.openssl.org/"
arch="all"
license="Apache-2.0"
replaces="libressl"
makedepends_build="perl"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $pkgname-libs-static $pkgname-dev $pkgname-doc
	libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
	man-section.patch
	"
builddir="$srcdir/openssl-$pkgver"

# secfixes:
#   1.1.1l-r0:
#     - CVE-2021-3711
#     - CVE-2021-3712
#   1.1.1k-r0:
#     - CVE-2021-3449
#     - CVE-2021-3450
#   1.1.1j-r0:
#     - CVE-2021-23841
#     - CVE-2021-23840
#     - CVE-2021-23839
#   1.1.1i-r0:
#     - CVE-2020-1971
#   1.1.1g-r0:
#     - CVE-2020-1967
#   1.1.1d-r3:
#     - CVE-2019-1551
#   1.1.1d-r1:
#     - CVE-2019-1547
#     - CVE-2019-1549
#     - CVE-2019-1563
#   1.1.1b-r1:
#     - CVE-2019-1543
#   1.1.1a-r0:
#     - CVE-2018-0734
#     - CVE-2018-0735

build() {
	local _target _optflags

	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
		aarch64*)	_target="linux-aarch64" ;;
		arm*)		_target="linux-armv4" ;;
		mips64*)	_target="linux64-mips64" ;;
		# explicit _optflags is needed to prevent automatic -mips3 addition
		mips*)		_target="linux-mips32"; _optflags="-mips32" ;;
		ppc)		_target="linux-ppc" ;;
		ppc64)		_target="linux-ppc64" ;;
		ppc64le)	_target="linux-ppc64le" ;;
		x86)		_target="linux-elf" ;;
		x86_64)		_target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
		s390x) 		_target="linux64-s390x";;
		riscv64)	_target="linux-generic64";;
		*)		msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT"

	# when cross building do not enable threads as libatomic is not avaiable
	if [ "$CBUILD" != "$CHOST" ]; then
		case $CARCH in
			riscv64) _optflags="$_optflags no-threads";;
		esac
	fi

	perl ./Configure \
		$_target \
		--prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared \
		no-zlib \
		no-async \
		no-comp \
		no-idea \
		no-mdc2 \
		no-rc5 \
		no-ec2m \
		no-sm2 \
		no-sm4 \
		no-ssl3 \
		no-seed \
		no-weak-ssl-ciphers \
		$_optflags \
		$CPPFLAGS \
		$CFLAGS \
		$LDFLAGS -Wa,--noexecstack
	make
}

check() {
	# AFALG tests have a sporadic test failure, just delete the broken
	# test for now.
	rm -f test/recipes/30-test_afalg.t

	make test
}

package() {
	make DESTDIR="$pkgdir" install
	# remove the script c_rehash
	rm "$pkgdir"/usr/bin/c_rehash
}

dev() {
	default_dev
	replaces="libressl-dev"
}

_libcrypto() {
	pkgdesc="Crypto library from openssl"
	replaces="libressl2.7-libcrypto libcrypto1.1"
	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	mv "$pkgdir"/etc "$subpkgdir"/
	for i in "$pkgdir"/usr/lib/libcrypto*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
	mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/
	mv "$pkgdir"/usr/lib/ossl-modules "$subpkgdir"/usr/lib/
}

_libssl() {
	pkgdesc="SSL shared libraries"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libssl*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
}

sha512sums="
1fdf769ef69631eb802671a9e0bb3a01883d58282f651986212983c2d7c9d3499dabe99a6dee0411e997e6fcfa6f682b121b7698596de0d6c78850c2200241b1  openssl-3.0.0.tar.gz
8c44e990fe8a820f649631b9f81cf28225b7516065169a7f68e2dd7c067b30df9b2c6cb88fa826afbc9fcdaf156360aabf7c498d2d9ed452968815b12b004809  man-section.patch
"