diff options
| author | Yurii Kolesnykov | 2017-04-19 13:17:39 +0300 |
|---|---|---|
| committer | Yurii Kolesnykov | 2017-04-19 13:32:06 +0300 |
| commit | 17dbc01934b230cbd5cbd44dc66525a002e57a6e (patch) | |
| tree | c261a524c736f0ef3abc76d561959bf6833ec998 | |
| download | aur-lib32-openssl100.tar.gz | |
init
| -rw-r--r-- | .SRCINFO | 27 | ||||
| -rw-r--r-- | PKGBUILD | 79 | ||||
| -rw-r--r-- | ca-dir.patch | 33 | ||||
| -rw-r--r-- | no-rpath.patch | 11 | ||||
| -rw-r--r-- | ssl3-test-failure.patch | 26 |
5 files changed, 176 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..72b7c9e19a3e --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,27 @@ +pkgbase = lib32-openssl100 + pkgdesc = The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (32-bit) + pkgver = 1.0.2.k + pkgrel = 1 + epoch = 1 + url = https://www.openssl.org + arch = x86_64 + license = custom:BSD + makedepends = gcc-multilib + depends = lib32-glibc + depends = openssl + optdepends = ca-certificates + options = !makeflags + source = https://www.openssl.org/source/openssl-1.0.2k.tar.gz + source = https://www.openssl.org/source/openssl-1.0.2k.tar.gz.asc + source = no-rpath.patch + source = ssl3-test-failure.patch + source = ca-dir.patch + validpgpkeys = 8657ABB260F056B1E5190839D9C4D26D0E604491 + md5sums = f965fc0bf01bf882b31314b61391ae65 + md5sums = SKIP + md5sums = dc78d3d06baffc16217519242ce92478 + md5sums = 62fc492252edd3283871632bb77fadbe + md5sums = 3bf51be3a1bbd262be46dc619f92aa90 + +pkgname = lib32-openssl100 + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..4bfdde4b8f1e --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,79 @@ +# Maintainer: Yurii Kolesnykov <yurikoles@gmail.com> +# Contributor: Pierre Schmitz <pierre@archlinux.de> + +_pkgbasename=openssl +pkgname=lib32-openssl100 +_ver=1.0.2k +# use a pacman compatible version scheme +pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} +#pkgver=$_ver +pkgrel=1 +epoch=1 +pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (32-bit)' +arch=('x86_64') +url='https://www.openssl.org' +license=('custom:BSD') +depends=('lib32-glibc' "${_pkgbasename}") +optdepends=('ca-certificates') +makedepends=('gcc-multilib') +options=('!makeflags') +source=("https://www.openssl.org/source/${_pkgbasename}-${_ver}.tar.gz" + "https://www.openssl.org/source/${_pkgbasename}-${_ver}.tar.gz.asc" + 'no-rpath.patch' + 'ssl3-test-failure.patch' + 'ca-dir.patch') +validpgpkeys=(8657ABB260F056B1E5190839D9C4D26D0E604491) +md5sums=('f965fc0bf01bf882b31314b61391ae65' + 'SKIP' + 'dc78d3d06baffc16217519242ce92478' + '62fc492252edd3283871632bb77fadbe' + '3bf51be3a1bbd262be46dc619f92aa90') + +prepare() { + cd $srcdir/$_pkgbasename-$_ver + + # remove rpath: http://bugs.archlinux.org/task/14367 + patch -p0 -i $srcdir/no-rpath.patch + + # disable a test that fails when ssl3 is disabled + patch -p1 -i $srcdir/ssl3-test-failure.patch + + # set ca dir to /etc/ssl by default + patch -p0 -i $srcdir/ca-dir.patch +} + +build() { + export CC="gcc -m32" + export CXX="g++ -m32" + export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" + + cd $srcdir/$_pkgbasename-$_ver + + # mark stack as non-executable: http://bugs.archlinux.org/task/12434 + ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib32 \ + shared no-ssl3-method \ + linux-elf \ + "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" + + make MAKEDEPPROG="${CC}" depend + make +} + +check() { + cd $srcdir/$_pkgbasename-$_ver + # the test fails due to missing write permissions in /etc/ssl + # revert this patch for make test + patch -p0 -R -i $srcdir/ca-dir.patch + make test + patch -p0 -i $srcdir/ca-dir.patch +} + +package() { + cd $srcdir/$_pkgbasename-$_ver + + install -D -m0755 libssl.so.1.0.0 "${pkgdir}/usr/lib32/libssl.so.1.0.0" + install -D -m0755 libcrypto.so.1.0.0 "${pkgdir}/usr/lib32/libcrypto.so.1.0.0" + + mkdir -p "${pkgdir}/usr/share/licenses" + ln -s ${_pkgbasename} "${pkgdir}/usr/share/licenses/${pkgname}" +} diff --git a/ca-dir.patch b/ca-dir.patch new file mode 100644 index 000000000000..41d1386d3d06 --- /dev/null +++ b/ca-dir.patch @@ -0,0 +1,33 @@ +--- apps/CA.pl.in 2006-04-28 02:30:49.000000000 +0200 ++++ apps/CA.pl.in 2010-04-01 00:35:02.600553509 +0200 +@@ -53,7 +53,7 @@ + $X509="$openssl x509"; + $PKCS12="$openssl pkcs12"; + +-$CATOP="./demoCA"; ++$CATOP="/etc/ssl"; + $CAKEY="cakey.pem"; + $CAREQ="careq.pem"; + $CACERT="cacert.pem"; +--- apps/CA.sh 2009-10-15 19:27:47.000000000 +0200 ++++ apps/CA.sh 2010-04-01 00:35:02.600553509 +0200 +@@ -68,7 +68,7 @@ + X509="$OPENSSL x509" + PKCS12="openssl pkcs12" + +-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi ++if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi + CAKEY=./cakey.pem + CAREQ=./careq.pem + CACERT=./cacert.pem +--- apps/openssl.cnf 2009-04-04 20:09:43.000000000 +0200 ++++ apps/openssl.cnf 2010-04-01 00:35:02.607220681 +0200 +@@ -39,7 +39,7 @@ + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/ssl # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. diff --git a/no-rpath.patch b/no-rpath.patch new file mode 100644 index 000000000000..ebd95e23d397 --- /dev/null +++ b/no-rpath.patch @@ -0,0 +1,11 @@ +--- Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200 ++++ Makefile.shared 2005-11-16 22:35:37.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/ssl3-test-failure.patch b/ssl3-test-failure.patch new file mode 100644 index 000000000000..d161c3d4a593 --- /dev/null +++ b/ssl3-test-failure.patch @@ -0,0 +1,26 @@ +From: Kurt Roeckx <kurt@roeckx.be> +Date: Sun, 6 Sep 2015 16:04:11 +0200 +Subject: Disable SSLv3 test in test suite + +When testing SSLv3 the test program returns 0 for skip. The test for weak DH +expects a failure, but gets success. + +It should probably be changed to return something other than 0 for a skipped +test. +--- + test/testssl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/testssl b/test/testssl +index 747e4ba..1e4370b 100644 +--- a/test/testssl ++++ b/test/testssl +@@ -160,7 +160,7 @@ test_cipher() { + } + + echo "Testing ciphersuites" +-for protocol in TLSv1.2 SSLv3; do ++for protocol in TLSv1.2; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + test_cipher $cipher $protocol |