authorVincent Grande2021-01-02 23:45:22 -0500
committerVincent Grande2021-01-02 23:45:22 -0500
commit85e4566f27ce81a2ac5961c7bbc748ff38675fc6 (patch)
tree1cda80116a186dc722697a092c27ae1c90c26b95
downloadaur-85e4566f27ce81a2ac5961c7bbc748ff38675fc6.tar.gz
initial upload
-rw-r--r--.SRCINFO20
-rw-r--r--PKGBUILD66
-rw-r--r--ca-dir.patch31
3 files changed, 117 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..3ff5e6a0e22f
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,20 @@
+pkgbase = lib32-openssl-hardened
+ pkgdesc = The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (32-bit)
+ pkgver = 1.1.1.i
+ pkgrel = 1
+ epoch = 1
+ url = https://www.openssl.org
+ arch = x86_64
+ license = custom:BSD
+ depends = lib32-glibc
+ depends = openssl
+ optdepends = ca-certificates
+ provides = lib32-openssl
+ conflicts = lib32-openssl
+ source = https://www.openssl.org/source/openssl-1.1.1i.tar.gz
+ source = ca-dir.patch
+ sha256sums = SKIP
+ sha256sums = SKIP
+
+pkgname = lib32-openssl-hardened
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..d652fb36d0a5
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Vincent Grande <shoober420@gmail.com>
+# Contributor: Pierre Schmitz <pierre@archlinux.de>
+
+_pkgbasename=openssl
+pkgname=lib32-$_pkgbasename-hardened
+epoch=1
+_ver=1.1.1i
+# use a pacman compatible version scheme
+pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
+pkgrel=1
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (32-bit)'
+arch=('x86_64')
+url='https://www.openssl.org'
+license=('custom:BSD')
+depends=('lib32-glibc' "${_pkgbasename}")
+optdepends=('ca-certificates')
+provides=(lib32-openssl)
+conflicts=(lib32-openssl)
+source=("https://www.openssl.org/source/${_pkgbasename}-${_ver}.tar.gz"
+ 'ca-dir.patch')
+sha256sums=('SKIP'
+ 'SKIP')
+#validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491'
+# '7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C')
+
+prepare() {
+ cd "$srcdir"/$_pkgbasename-$_ver
+
+ # set ca dir to /etc/ssl by default
+ patch -p0 -i "$srcdir"/ca-dir.patch
+}
+
+build() {
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+
+ cd "$srcdir"/$_pkgbasename-$_ver
+
+ # mark stack as non-executable: http://bugs.archlinux.org/task/12434
+ ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib32 \
+ shared no-ssl3-method linux-elf no-ssl2 no-ssl3 no-weak-ssl-ciphers no-ssl no-deprecated no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-tls1_2 \
+ no-tls1_2-method enable-tls1_3 no-rc2 no-rc4 -DOPENSSL_USE_IPV6=0 \
+ "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
+
+ make MAKEDEPPROG="${CC}" depend
+ make
+}
+
+#check() {
+# cd "$srcdir"/$_pkgbasename-$_ver
+ # the test fails due to missing write permissions in /etc/ssl
+ # revert this patch for make test
+# patch -p0 -R -i "$srcdir"/ca-dir.patch
+# make test
+# patch -p0 -i "$srcdir"/ca-dir.patch
+#}
+
+package() {
+ cd "$srcdir"/$_pkgbasename-$_ver
+ make DESTDIR="$pkgdir" install_sw
+
+ rm -rf ${pkgdir}/{usr/{include,bin},etc}
+ mkdir -p "$pkgdir"/usr/share/licenses
+ ln -s $_pkgbasename "$pkgdir"/usr/share/licenses/$pkgname
+}
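Review bot: Both `sha256sums` entries are `'SKIP'` and the `validpgpkeys` array is commented out with no `.asc` in `source`, so makepkg performs no integrity or authenticity check on the OpenSSL tarball or on ca-dir.patch before building a crypto library from them. Pin real digests and restore signature verification: `source=("https://www.openssl.org/source/${_pkgbasename}-${_ver}.tar.gz"{,.asc} 'ca-dir.patch')`, `sha256sums=('<sha256 of tarball>' 'SKIP' '<sha256 of ca-dir.patch>')`, and uncomment the two `validpgpkeys` fingerprints. .SRCINFO carries the same `SKIP` values and would need regenerating afterwards. Separately, `check()` is commented out, so this non-default Configure set (`no-tls1_2`, `no-deprecated`, and others) is packaged without `make test` ever running. Since `package()` removes `etc` and `usr/bin`, ca-dir.patch appears not to affect any shipped file, and dropping it would probably let the tests be re-enabled.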
diff --git a/ca-dir.patch b/ca-dir.patch
new file mode 100644
index 000000000000..a1402435d711
--- /dev/null
+++ b/ca-dir.patch
@@ -0,0 +1,31 @@
+--- apps/CA.pl.in 2018-09-11 14:48:19.000000000 +0200
++++ apps/CA.pl.in 2018-09-11 16:16:32.125629435 +0200
+@@ -33,7 +33,7 @@
+ my $PKCS12 = "$openssl pkcs12";
+
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/ssl";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+--- apps/openssl.cnf 2018-09-11 14:48:20.000000000 +0200
++++ apps/openssl.cnf 2018-09-11 16:16:32.125629435 +0200
+@@ -43,7 +43,7 @@
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/ssl # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
+@@ -327,7 +327,7 @@
+ [ tsa_config1 ]
+
+ # These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/ssl # TSA root directory
+ serial = $dir/tsaserial # The current serial number (mandatory)
+ crypto_device = builtin # OpenSSL engine to use for signing
+ signer_cert = $dir/tsacert.pem # The TSA signing certificate