This repository has been archived by the owner on May 20, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add OpenSSL 1.1 compatibility package
git-svn-id: file:///srv/repos/svn-packages/svn@433976 eb2447ed-0c53-47e4-bac8-5bc4a241df78
- Loading branch information
pierre
committed
Jan 8, 2022
0 parents
commit d50eccc
Showing
2 changed files
with
108 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# Maintainer: Pierre Schmitz <pierre@archlinux.de> | ||
|
||
pkgname=openssl-1.1 | ||
_pkgname=openssl | ||
_ver=1.1.1m | ||
# use a pacman compatible version scheme | ||
pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} | ||
pkgrel=1 | ||
pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security' | ||
arch=('x86_64') | ||
url='https://www.openssl.org' | ||
license=('custom:BSD') | ||
depends=('glibc') | ||
conflicts('openssl<3') | ||
makedepends=('perl') | ||
source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"{,.asc} | ||
'ca-dir.patch') | ||
sha256sums=('f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96' | ||
'SKIP' | ||
'75aa8c2c638c8a3ebfd9fa146fc61c7ff878fc997dc6aa10d39e4b2415d669b2') | ||
validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491' | ||
'7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C') | ||
|
||
prepare() { | ||
cd "$srcdir/$_pkgname-$_ver" | ||
|
||
# set ca dir to /etc/ssl by default | ||
patch -p0 -i "$srcdir/ca-dir.patch" | ||
} | ||
|
||
build() { | ||
cd "$srcdir/$_pkgname-$_ver" | ||
|
||
# mark stack as non-executable: http://bugs.archlinux.org/task/12434 | ||
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib/openssl-1.1 \ | ||
shared no-ssl3-method enable-ec_nistp_64_gcc_128 linux-x86_64 \ | ||
"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" | ||
|
||
make depend | ||
make | ||
} | ||
|
||
check() { | ||
cd "$srcdir/$_pkgname-$_ver" | ||
|
||
# the test fails due to missing write permissions in /etc/ssl | ||
# revert this patch for make test | ||
patch -p0 -R -i "$srcdir/ca-dir.patch" | ||
|
||
make test | ||
|
||
patch -p0 -i "$srcdir/ca-dir.patch" | ||
# re-run make to re-generate CA.pl from th patched .in file. | ||
make apps/CA.pl | ||
} | ||
|
||
package() { | ||
cd "$srcdir/$_pkgname-$_ver" | ||
|
||
make DESTDIR="$pkgdir" install_sw | ||
|
||
# Move some files around | ||
install -m755 -d "$pkgdir/usr/include/openssl-1.1" | ||
mv "$pkgdir/usr/include/openssl" "$pkgdir/usr/include/openssl-1.1/" | ||
mv "$pkgdir/usr/lib/openssl-1.1/libcrypto.so.1.1" "$pkgdir/usr/lib/" | ||
mv "$pkgdir/usr/lib/openssl-1.1/libssl.so.1.1" "$pkgdir/usr/lib/" | ||
ln -sf ../libssl.so.1.1 "$pkgdir/usr/lib/openssl-1.1/libssl.so" | ||
ln -sf ../libcrypto.so.1.1 "$pkgdir/usr/lib/openssl-1.1/libcrypto.so" | ||
mv "$pkgdir/usr/bin/openssl" "$pkgdir/usr/bin/openssl-1.1" | ||
|
||
# Update includedir in .pc files | ||
sed -e 's|/include$|/include/openssl-1.1|' -i "$pkgdir"/usr/lib/openssl-1.1/pkgconfig/*.pc | ||
|
||
rm -rf "$pkgdir"/{etc,usr/bin/c_rehash} | ||
|
||
install -D -m644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- apps/CA.pl.in 2019-09-10 15:13:07.000000000 +0200 | ||
+++ apps/CA.pl.in 2019-10-06 09:34:23.960864556 +0200 | ||
@@ -33,7 +33,7 @@ | ||
my $PKCS12 = "$openssl pkcs12"; | ||
|
||
# default openssl.cnf file has setup as per the following | ||
-my $CATOP = "./demoCA"; | ||
+my $CATOP = "/etc/ssl"; | ||
my $CAKEY = "cakey.pem"; | ||
my $CAREQ = "careq.pem"; | ||
my $CACERT = "cacert.pem"; | ||
--- apps/openssl.cnf 2019-09-10 15:13:07.000000000 +0200 | ||
+++ apps/openssl.cnf 2019-10-06 09:34:23.960864556 +0200 | ||
@@ -42,7 +42,7 @@ | ||
#################################################################### | ||
[ CA_default ] | ||
|
||
-dir = ./demoCA # Where everything is kept | ||
+dir = /etc/ssl # Where everything is kept | ||
certs = $dir/certs # Where the issued certs are kept | ||
crl_dir = $dir/crl # Where the issued crl are kept | ||
database = $dir/index.txt # database index file. | ||
@@ -325,7 +325,7 @@ | ||
[ tsa_config1 ] | ||
|
||
# These are used by the TSA reply generation only. | ||
-dir = ./demoCA # TSA root directory | ||
+dir = /etc/ssl # TSA root directory | ||
serial = $dir/tsaserial # The current serial number (mandatory) | ||
crypto_device = builtin # OpenSSL engine to use for signing | ||
signer_cert = $dir/tsacert.pem # The TSA signing certificate |