aboutsummaryrefslogtreecommitdiffstats
path: root/main/busybox/APKBUILD
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2018-05-30 09:52:20 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2018-05-30 10:44:48 +0000
commit1d0560a9b6b5597b191e5aff69a31c2fe0aba273 (patch)
tree23e808e7b123643b55e2eb07101b8467b429b975 /main/busybox/APKBUILD
parent782065ccea8a1415f01f568f5bce411898f4d7fb (diff)
downloadaports-1d0560a9b6b5597b191e5aff69a31c2fe0aba273.tar.gz
aports-1d0560a9b6b5597b191e5aff69a31c2fe0aba273.tar.bz2
aports-1d0560a9b6b5597b191e5aff69a31c2fe0aba273.tar.xz
main/busybox: properly fix wget https support
fix busybox wget https support by using an external ssl_client helper for https. Disable the use of external openssl. This was fixed to check certificates as a temporary solution. openssl can not produce any useful error messages on certificate errors. It is big. So we simply disable its use. For dynamic busybox we disable the internal ssl_client and the internal (broken) tls code, and build our own ssl_client which properly verifies the certificates. For the static busybox we enable the internal ssl_client and tls code, but we only allow its use with --no-check-certificates. This is so we still can fetch things from https in an emergency situation. We auto-install ssl_client if both libssl and busybox are installed. This is to keep backwards compatibility.
Diffstat (limited to 'main/busybox/APKBUILD')
-rw-r--r--main/busybox/APKBUILD36
1 files changed, 27 insertions, 9 deletions
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index f656f86d57..de1a1fcbf0 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -3,19 +3,19 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.28.3
-pkgrel=1
+pkgrel=2
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url=http://busybox.net
arch="all"
license="GPL-2.0"
-makedepends_build=""
+makedepends_build="libressl-dev"
makedepends_host="linux-headers"
makedepends="$makedepends_build $makedepends_host"
checkdepends="zip"
provides="/bin/sh"
install="$pkgname.post-install $pkgname.post-upgrade
$pkgname-extras.post-install $pkgname-extras.pre-deinstall"
-subpackages="$pkgname-static $pkgname-suid $pkgname-extras"
+subpackages="$pkgname-static $pkgname-suid $pkgname-extras ssl_client"
options="suid !check"
triggers="busybox.trigger=/bin:/usr/bin:/sbin:/usr/sbin:/lib/modules/*"
source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
@@ -42,8 +42,8 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
0001-nsenter-Rename-network-option-to-net.patch
0002-nsenter-fix-parsing-of-t-S-and-G-options.patch
- 0001-wget-print-warning-when-internal-tls-is-used.patch
- 0002-wget-verify-certificate-when-openssl-helper-is-used.patch
+ 0001-wget-emit-a-message-that-certificate-verification-is.patch
+ external_ssl_client.patch
acpid.logrotate
busyboxconfig
@@ -51,6 +51,7 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
bbsuid.c
dad.if-up
nologin.c
+ ssl_client.c
"
# secfixes:
@@ -81,6 +82,10 @@ build() {
${CC:-${CROSS_COMPILE}gcc} ${CPPFLAGS} ${CFLAGS} \
${LDFLAGS} "$srcdir"/bbsuid.c -o "$_dyndir"/bbsuid
+ msg "Building ssl_client"
+ ${CC:-${CROSS_COMPILE}gcc} ${CPPFLAGS} ${CFLAGS} $(pkg-config --cflags libtls) \
+ "$srcdir"/ssl_client.c -o "$_dyndir"/ssl_client ${LDFLAGS} $(pkg-config --libs libtls)
+
# build dynamic
cd "$_dyndir"
msg "Building dynamic busybox"
@@ -104,8 +109,10 @@ build() {
# build static
cd "$_staticdir"
msg "Building static busybox"
+ # enable internal ssl_client for static build
sed -e "s/.*CONFIG_PIE.*/\# CONFIG_PIE is not set/" \
-e "s/.*CONFIG_STATIC.*/CONFIG_STATIC=y/" \
+ -e "s/.*CONFIG_SSL_CLIENT.*/CONFIG_SSL_CLIENT=y/" \
"$_config" > .config
# musl does not support GNU regex
[ "$CLIBC" = musl ] && sed -i \
@@ -187,6 +194,16 @@ static() {
"$subpkgdir"/bin/busybox.static
}
+ssl_client() {
+ pkgdesc="EXternal ssl_client for busybox wget"
+ local _sslver=$(pkg-config --modversion libssl)
+ # automatically pull in if both busybox and libssl is installed
+ install_if="$pkgname=$pkgver-r$pkgrel libressl${_sslver%.*}-libssl"
+ mkdir -p "$subpkgdir"/usr/bin
+ install -m755 "$_dyndir"/ssl_client \
+ "$subpkgdir"/usr/bin/ssl_client
+}
+
sha512sums="0e87019d9d1179bc072a5ef9752d7342747e311db13c0b0dfa9f380a1e3ad1c265cca118d41f86829629ec5c8eb3e83985421c6f3ea6c8a9991b92ed301a4982 busybox-1.28.3.tar.bz2
51d4d58baff825a51d476bd4594cb8980ec2aa4d0c864a0eec39ccbbadd1ae9f1cd1b20f492a735ffcdf7c925573594f3c4363b0561c8aa7b91ef534bfc7b2e0 0001-ash-add-support-for-command_not_found_handle-hook-fu.patch
5d2fd3e521ee29d970f377363e3a3144eaf9f7714bc57494d743ded9e39c1ad93ea8759b2febd9c3786968b41e61b8d01ce2361aa997df177b644d63718470ba 0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch
@@ -208,11 +225,12 @@ d90d6b3406760fe3df6dbed46a0f4d1c02a69d5184ebc86d8c1692bc4576532127283ba3ff9a81e6
0dbe3ee424c0a6e4aba4f551f6b6b9ee087655a03747a40906961b141d40b1cbb2345438f17887a1b78d880cb3a7ad0116936dd7c05e95160febfd299423e83b 0001-cat-fix-cat-e-and-cat-v-erroneously-numbering-1st-li.patch
d2364e20b12c5215c4baecc3c6faf903e6e1e2bee95d697af047d680e9d57e7aeea54c8584d062d92daa0ea64898b502fbae010b22ab236ec4018966b74deeec 0001-nsenter-Rename-network-option-to-net.patch
0dbffae82b62317fc4144a01940ebc601e58b0e14eb8338bc42db79407d0b74dbe9f0f44758b9a5baa399eb90f8e8ee8f9c344bebd1b03bdd2ce520cb2b28d5e 0002-nsenter-fix-parsing-of-t-S-and-G-options.patch
-38973e70fc77450ba1bf4d2aa7db5425d57f18eab9ae5676d457294ade12ae6b44300ae41f100f452e2efa1d027612fa501c9ac0f95ce340519e1dce497e4971 0001-wget-print-warning-when-internal-tls-is-used.patch
-2af27d1f6f1a0b028464a0f5abed79311d39d27f2ba99abe91fb15e24ed93d0df69edd8cfbf5c6444d10af1eb8b343ec8d5053010f385fe77a6cc71abb3cdcbd 0002-wget-verify-certificate-when-openssl-helper-is-used.patch
+90f9e95f6f953df2cf579f701b3135bad910f514e94b3e23b953acec12b10f33aa9200169dc7b454c6a04fbd992a370e6ca835406f9b5495951e0a8416137000 0001-wget-emit-a-message-that-certificate-verification-is.patch
+27bd37af65f48b52fe6329f5ddf86ce9afdd1c156f94c6e868d35434298ec96c3b436097ced57f403940a29a9721b56e09bee66da3ee2cfc49c0d90d2e7a2d3d external_ssl_client.patch
a9b1403c844c51934637215307dd9e2adb9458921047acff0d86dcf229b6e0027f4b2c6cdaa25a58407aad9d098fb5685d58eb5ff8d2aa3de4912cdea21fe54c acpid.logrotate
-035f2a28719971d9ff805d208d70bc1144fd3701235dc46ef581a559e696ef92265f28f7debf0248a2cee004a773dcd07828bcc088716f5aff944ccdce15d30f busyboxconfig
+d65dc165488a179ab19482ad74e350df9dfdccf2363b26424d2d145e27ab0819cd0cfdfb79b4a2bd0bd7c6eda3b95ea61f3c264357986e78c4675df94d487aec busyboxconfig
0efbe22e2fd56993d92b6542d4ccffb2b42d50495be085c98f417a71f503b4071e2f092afcec77f78064d33ffb0922c28daa3cb9958e6d7fb26d5a660abd90f4 busyboxconfig-extras
0becc2186d6c32fb0c401cf7bc0e46268b38ce8892db33be1daf40273024c1c02d518283f44086a313a2ccef34230a1d945ec148cc173f26e6aa9d88a7426e54 bbsuid.c
a1127c8a384294135e11500fde7ead33b73d24b11c21911b08447a4c4ef71d7a9965d6466f60f2da64e3b877213b0a3e924a5add3c5333ee3ecde8c2a91c5e02 dad.if-up
-061f7417c1cbf0424a5fab77e2f5912aa1593f39b33ea294af4c03518ca712d793a77ea82ff1f36e9cb98751d9faacb9d0240cdf0894efd8f26c13c28a692404 nologin.c"
+061f7417c1cbf0424a5fab77e2f5912aa1593f39b33ea294af4c03518ca712d793a77ea82ff1f36e9cb98751d9faacb9d0240cdf0894efd8f26c13c28a692404 nologin.c
+d7e1409a7beba30bb8f30a04d2ef1aad6461c19d5ab3a09514e3698fe86c247c4cc10d4d94b85c1608e6401374964b705fa6982b3f7a2b2acc2d6f14ba91806d ssl_client.c"