From ea4bb69ea67616413aece78a7c7c44a8489d5fa0 Mon Sep 17 00:00:00 2001 From: "coadde [Márcio Alexandre Silva Delgado]" Date: Wed, 20 Apr 2016 14:39:39 -0300 Subject: openssl-static: add new package to [libre] --- libre/openssl-static/PKGBUILD | 78 ++++++++++++++++++++++++++++ libre/openssl-static/ca-dir.patch | 33 ++++++++++++ libre/openssl-static/no-rpath.patch | 11 ++++ libre/openssl-static/ssl3-test-failure.patch | 26 ++++++++++ 4 files changed, 148 insertions(+) create mode 100644 libre/openssl-static/PKGBUILD create mode 100644 libre/openssl-static/ca-dir.patch create mode 100644 libre/openssl-static/no-rpath.patch create mode 100644 libre/openssl-static/ssl3-test-failure.patch diff --git a/libre/openssl-static/PKGBUILD b/libre/openssl-static/PKGBUILD new file mode 100644 index 000000000..d4b15641e --- /dev/null +++ b/libre/openssl-static/PKGBUILD @@ -0,0 +1,78 @@ +# Maintainer: Márcio Silva +# based of openssl + +_pkgname=openssl +pkgname=openssl-static +_ver=1.0.2g +# use a pacman compatible version scheme +pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} +#pkgver=$_ver +pkgrel=3 +pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (static libraries only)' +arch=('i686' 'x86_64' 'armv7h') +url='https://www.openssl.org' +license=('custom:BSD') +depends=('perl-static' 'openssl') +options=('!makeflags' 'staticlibs') +source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz" + "https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz.asc" + 'no-rpath.patch' + 'ssl3-test-failure.patch' + 'ca-dir.patch') +md5sums=('f3c710c045cdee5fd114feb69feba7aa' + 'SKIP' + 'dc78d3d06baffc16217519242ce92478' + '62fc492252edd3283871632bb77fadbe' + '3bf51be3a1bbd262be46dc619f92aa90') +validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491') + +prepare() { + cd $srcdir/$_pkgname-$_ver + + # remove rpath: http://bugs.archlinux.org/task/14367 + patch -p0 -i $srcdir/no-rpath.patch + + # disable a test that fails when ssl3 is disabled + patch -p1 -i $srcdir/ssl3-test-failure.patch + + # set ca dir to /etc/ssl by default + patch -p0 -i $srcdir/ca-dir.patch +} + +build() { + cd $srcdir/$_pkgname-$_ver + + if [ "${CARCH}" == 'x86_64' ]; then + openssltarget='linux-x86_64' + optflags='enable-ec_nistp_64_gcc_128' + elif [ "${CARCH}" == 'i686' ]; then + openssltarget='linux-elf' + optflags='' + fi + + # mark stack as non-executable: http://bugs.archlinux.org/task/12434 + ./Configure --prefix=/usr --libdir=lib \ + no-ssl3-method ${optflags} \ + "${openssltarget}" \ + "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" + + make depend + make +} + +check() { + cd $srcdir/$_pkgname-$_ver + # the test fails due to missing write permissions in /etc/ssl + # revert this patch for make test + patch -p0 -R -i $srcdir/ca-dir.patch + make test + patch -p0 -i $srcdir/ca-dir.patch +} + +package() { + cd $srcdir/$_pkgname-$_ver + make INSTALL_PREFIX=$pkgdir install + + # remove conflicting files + rm -vr ${pkgdir}/usr/{bin,include,lib/pkgconfig,ssl} +} diff --git a/libre/openssl-static/ca-dir.patch b/libre/openssl-static/ca-dir.patch new file mode 100644 index 000000000..41d1386d3 --- /dev/null +++ b/libre/openssl-static/ca-dir.patch @@ -0,0 +1,33 @@ +--- apps/CA.pl.in 2006-04-28 02:30:49.000000000 +0200 ++++ apps/CA.pl.in 2010-04-01 00:35:02.600553509 +0200 +@@ -53,7 +53,7 @@ + $X509="$openssl x509"; + $PKCS12="$openssl pkcs12"; + +-$CATOP="./demoCA"; ++$CATOP="/etc/ssl"; + $CAKEY="cakey.pem"; + $CAREQ="careq.pem"; + $CACERT="cacert.pem"; +--- apps/CA.sh 2009-10-15 19:27:47.000000000 +0200 ++++ apps/CA.sh 2010-04-01 00:35:02.600553509 +0200 +@@ -68,7 +68,7 @@ + X509="$OPENSSL x509" + PKCS12="openssl pkcs12" + +-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi ++if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi + CAKEY=./cakey.pem + CAREQ=./careq.pem + CACERT=./cacert.pem +--- apps/openssl.cnf 2009-04-04 20:09:43.000000000 +0200 ++++ apps/openssl.cnf 2010-04-01 00:35:02.607220681 +0200 +@@ -39,7 +39,7 @@ + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/ssl # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. diff --git a/libre/openssl-static/no-rpath.patch b/libre/openssl-static/no-rpath.patch new file mode 100644 index 000000000..ebd95e23d --- /dev/null +++ b/libre/openssl-static/no-rpath.patch @@ -0,0 +1,11 @@ +--- Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200 ++++ Makefile.shared 2005-11-16 22:35:37.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/libre/openssl-static/ssl3-test-failure.patch b/libre/openssl-static/ssl3-test-failure.patch new file mode 100644 index 000000000..d161c3d4a --- /dev/null +++ b/libre/openssl-static/ssl3-test-failure.patch @@ -0,0 +1,26 @@ +From: Kurt Roeckx +Date: Sun, 6 Sep 2015 16:04:11 +0200 +Subject: Disable SSLv3 test in test suite + +When testing SSLv3 the test program returns 0 for skip. The test for weak DH +expects a failure, but gets success. + +It should probably be changed to return something other than 0 for a skipped +test. +--- + test/testssl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/testssl b/test/testssl +index 747e4ba..1e4370b 100644 +--- a/test/testssl ++++ b/test/testssl +@@ -160,7 +160,7 @@ test_cipher() { + } + + echo "Testing ciphersuites" +-for protocol in TLSv1.2 SSLv3; do ++for protocol in TLSv1.2; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + test_cipher $cipher $protocol -- cgit v1.2.3