aboutsummaryrefslogtreecommitdiffstats
path: root/main/openssl/APKBUILD
blob: d9cb9a4dd45d000a5d55fd1ae86c35b36b4e328a (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.1.1c
_abiver=${pkgver%.*}
pkgrel=0
pkgdesc="Toolkit for Transport Layer Security (TLS)"
url="https://www.openssl.org"
arch="all"
license="OpenSSL"
replaces="libressl"
makedepends_build="perl"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz"
case "$CARCH" in
s390x) options="$options !check";; # FIXME: test hangs
esac

builddir="$srcdir/openssl-$pkgver"

# secfixes:
#   1.1.1b-r1:
#     - CVE-2019-1543
#   1.1.1a-r0:
#     - CVE-2018-0734
#     - CVE-2018-0735

build() {
	local _target _optflags
	cd "$builddir"

	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
	aarch64*) _target="linux-aarch64" ;;
	arm*)   _target="linux-armv4" ;;
	mips64*) _target="linux64-mips64" ;;
	# explicit _optflags is needed to prevent automatic -mips3 addition
	mips*) _target="linux-mips32"; _optflags="-mips32" ;;
	ppc64le) _target="linux-ppc64le" ;;
	x86)    _target="linux-elf" ;;
	x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
	s390x)	_target="linux64-s390x";;
	*)	msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}"

	perl ./Configure $_target --prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared no-zlib $_optflags \
		no-async no-comp no-idea no-mdc2 no-rc5 no-ec2m \
		no-sm2 no-sm4 no-ssl2 no-ssl3 no-seed \
		no-weak-ssl-ciphers \
		$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack
	make
}

check() {
	cd "$builddir"
	make test
}

package() {
	cd "$builddir"
	make DESTDIR="$pkgdir" install
	# remove the script c_rehash
	rm "$pkgdir"/usr/bin/c_rehash
}

dev() {
	default_dev
	replaces="libressl-dev"
}

_libcrypto() {
	pkgdesc="Crypto library from openssl"
	replaces="libressl2.7-libcrypto"
	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	mv "$pkgdir"/etc "$subpkgdir"/
	for i in "$pkgdir"/usr/lib/libcrypto*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
	mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/
}

_libssl() {
	pkgdesc="SSL shared libraries"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libssl*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
}

sha512sums="8e2c5cc11c120efbb7d7850980cb6eaa782d29b4996b3f3378d37613c1679f852d7cc08a90d62e78fcec3439f06bdbee70064579a8c2adaffd91532a97f646ff  openssl-1.1.1c.tar.gz"