Add OpenSSL 1.1 compatibility package
git-svn-id: file:///srv/repos/svn-packages/svn@433976 eb2447ed-0c53-47e4-bac8-5bc4a241df78
pierre committed Jan 8, 2022
0 parents commit d50eccc
Showing 2 changed files with 108 additions and 0 deletions.
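--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -0,0 +1,77 @@
+# Maintainer: Pierre Schmitz <pierre@archlinux.de>
+
+pkgname=openssl-1.1
+_pkgname=openssl
+_ver=1.1.1m
+# use a pacman compatible version scheme
+pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
+pkgrel=1
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
+arch=('x86_64')
+url='https://www.openssl.org'
+license=('custom:BSD')
+depends=('glibc')
+conflicts('openssl<3')
+makedepends=('perl')
+source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"{,.asc}
+'ca-dir.patch')
+sha256sums=('f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96'
+'SKIP'
+'75aa8c2c638c8a3ebfd9fa146fc61c7ff878fc997dc6aa10d39e4b2415d669b2')
+validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491'
+'7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C')
+
+prepare() {
+cd "$srcdir/$_pkgname-$_ver"
+
+# set ca dir to /etc/ssl by default
+patch -p0 -i "$srcdir/ca-dir.patch"
+}
+
+build() {
+cd "$srcdir/$_pkgname-$_ver"
+
+# mark stack as non-executable: http://bugs.archlinux.org/task/12434
+./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib/openssl-1.1 \
+shared no-ssl3-method enable-ec_nistp_64_gcc_128 linux-x86_64 \
+"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
+
+make depend
+make
+}
+
+check() {
+cd "$srcdir/$_pkgname-$_ver"
+
+# the test fails due to missing write permissions in /etc/ssl
+# revert this patch for make test
+patch -p0 -R -i "$srcdir/ca-dir.patch"
+
+make test
+
+patch -p0 -i "$srcdir/ca-dir.patch"
+# re-run make to re-generate CA.pl from th patched .in file.
+make apps/CA.pl
+}
+
+package() {
+cd "$srcdir/$_pkgname-$_ver"
+
+make DESTDIR="$pkgdir" install_sw
+
+# Move some files around
+install -m755 -d "$pkgdir/usr/include/openssl-1.1"
+mv "$pkgdir/usr/include/openssl" "$pkgdir/usr/include/openssl-1.1/"
+mv "$pkgdir/usr/lib/openssl-1.1/libcrypto.so.1.1" "$pkgdir/usr/lib/"
+mv "$pkgdir/usr/lib/openssl-1.1/libssl.so.1.1" "$pkgdir/usr/lib/"
+ln -sf ../libssl.so.1.1 "$pkgdir/usr/lib/openssl-1.1/libssl.so"
+ln -sf ../libcrypto.so.1.1 "$pkgdir/usr/lib/openssl-1.1/libcrypto.so"
+mv "$pkgdir/usr/bin/openssl" "$pkgdir/usr/bin/openssl-1.1"
+
+# Update includedir in .pc files
+sed -e 's|/include$|/include/openssl-1.1|' -i "$pkgdir"/usr/lib/openssl-1.1/pkgconfig/*.pc
+
+rm -rf "$pkgdir"/{etc,usr/bin/c_rehash}
+
+install -D -m644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+}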
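Review bot: The `conflicts('openssl<3')` line is missing its `=`, so it is not an array assignment and bash rejects it as a syntax error when makepkg sources the PKGBUILD; it should read `conflicts=('openssl<3')`. Until that is fixed the package also cannot declare the conflict that keeps it from being installed next to an older `openssl` owning the same `libssl.so.1.1` and `libcrypto.so.1.1` paths. Separately, `package()` runs only `install_sw` and then removes `"$pkgdir"/etc`, so the `apps/CA.pl.in` and `apps/openssl.cnf` edits from ca-dir.patch do not appear to reach the shipped package. If that is confirmed, the patch and the revert/re-apply sequence in `check()` could be dropped.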
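--- a/trunk/ca-dir.patch
+++ b/trunk/ca-dir.patch
@@ -0,0 +1,31 @@
+--- apps/CA.pl.in 2019-09-10 15:13:07.000000000 +0200
++++ apps/CA.pl.in 2019-10-06 09:34:23.960864556 +0200
+@@ -33,7 +33,7 @@
+my $PKCS12 = "$openssl pkcs12";
+
+# default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/ssl";
+my $CAKEY = "cakey.pem";
+my $CAREQ = "careq.pem";
+my $CACERT = "cacert.pem";
+--- apps/openssl.cnf 2019-09-10 15:13:07.000000000 +0200
++++ apps/openssl.cnf 2019-10-06 09:34:23.960864556 +0200
+@@ -42,7 +42,7 @@
+####################################################################
+[ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/ssl # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+@@ -325,7 +325,7 @@
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/ssl # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate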
