diff options
| author | ehs2013 | 2016-06-19 00:04:32 +0800 |
|---|---|---|
| committer | ehs2013 | 2016-06-19 00:04:32 +0800 |
| commit | c9e2e183b2eac07633531660dea0bfd527b27c54 (patch) | |
| tree | aa34392311c114055d3517fd206affbee9da7d02 | |
| download | aur-c9e2e183b2eac07633531660dea0bfd527b27c54.tar.gz | |
Initial commit
| -rw-r--r-- | .SRCINFO | 26 | ||||
| -rw-r--r-- | PKGBUILD | 79 | ||||
| -rw-r--r-- | ca-dir.patch | 33 | ||||
| -rw-r--r-- | no-rpath.patch | 11 | ||||
| -rw-r--r-- | ssl3-test-failure.patch | 26 |
5 files changed, 175 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..cbe32a0750ee --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,26 @@ +pkgbase = openssl-static + pkgdesc = The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (static library) + pkgver = 1.0.2.h + pkgrel = 1 + url = https://www.openssl.org + arch = i686 + arch = x86_64 + license = custom:BSD + depends = perl + optdepends = openssl: headers and pkg-config files + options = !makeflags + options = staticlibs + source = https://www.openssl.org/source/openssl-1.0.2h.tar.gz + source = https://www.openssl.org/source/openssl-1.0.2h.tar.gz.asc + source = no-rpath.patch + source = ssl3-test-failure.patch + source = ca-dir.patch + validpgpkeys = 8657ABB260F056B1E5190839D9C4D26D0E604491 + md5sums = 9392e65072ce4b614c1392eefc1f23d0 + md5sums = SKIP + md5sums = dc78d3d06baffc16217519242ce92478 + md5sums = 62fc492252edd3283871632bb77fadbe + md5sums = 3bf51be3a1bbd262be46dc619f92aa90 + +pkgname = openssl-static + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..35438762066b --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,79 @@ +# $Id$ +# Maintainer: Pierre Schmitz <pierre@archlinux.de> + +pkgname=openssl-static +_pkgname=openssl +_ver=1.0.2h +# use a pacman compatible version scheme +pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} +#pkgver=$_ver +pkgrel=1 +pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (static library)' +arch=('i686' 'x86_64') +url='https://www.openssl.org' +license=('custom:BSD') +depends=('perl') +optdepends=('openssl: headers and pkg-config files') +options=('!makeflags' 'staticlibs') +#backup=('etc/ssl/openssl.cnf') +source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz" + "https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz.asc" + 'no-rpath.patch' + 'ssl3-test-failure.patch' + 'ca-dir.patch') +md5sums=('9392e65072ce4b614c1392eefc1f23d0' + 'SKIP' + 'dc78d3d06baffc16217519242ce92478' + '62fc492252edd3283871632bb77fadbe' + '3bf51be3a1bbd262be46dc619f92aa90') +validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491') + +prepare() { + cd $srcdir/$_pkgname-$_ver + + # remove rpath: http://bugs.archlinux.org/task/14367 + patch -p0 -i $srcdir/no-rpath.patch + + # disable a test that fails when ssl3 is disabled + patch -p1 -i $srcdir/ssl3-test-failure.patch + + # set ca dir to /etc/ssl by default + patch -p0 -i $srcdir/ca-dir.patch +} + +build() { + cd $srcdir/$_pkgname-$_ver + + if [ "${CARCH}" == 'x86_64' ]; then + openssltarget='linux-x86_64' + optflags='enable-ec_nistp_64_gcc_128' + elif [ "${CARCH}" == 'i686' ]; then + openssltarget='linux-elf' + optflags='' + fi + + # mark stack as non-executable: http://bugs.archlinux.org/task/12434 + ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ + no-shared no-ssl3-method ${optflags} \ + "${openssltarget}" \ + "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" + + make depend -j + make -j +} + +check() { + cd $srcdir/$_pkgname-$_ver + # the test fails due to missing write permissions in /etc/ssl + # revert this patch for make test + patch -p0 -R -i $srcdir/ca-dir.patch + #make test + patch -p0 -i $srcdir/ca-dir.patch +} + +package() { + cd $srcdir/$_pkgname-$_ver + make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install + rm -rf "$pkgdir/usr/"{bin,include,share,lib/engines,lib/pkgconfig} $pkgdir/usr/lib/*.so* $pkgdir/etc + install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE +} diff --git a/ca-dir.patch b/ca-dir.patch new file mode 100644 index 000000000000..41d1386d3d06 --- /dev/null +++ b/ca-dir.patch @@ -0,0 +1,33 @@ +--- apps/CA.pl.in 2006-04-28 02:30:49.000000000 +0200 ++++ apps/CA.pl.in 2010-04-01 00:35:02.600553509 +0200 +@@ -53,7 +53,7 @@ + $X509="$openssl x509"; + $PKCS12="$openssl pkcs12"; + +-$CATOP="./demoCA"; ++$CATOP="/etc/ssl"; + $CAKEY="cakey.pem"; + $CAREQ="careq.pem"; + $CACERT="cacert.pem"; +--- apps/CA.sh 2009-10-15 19:27:47.000000000 +0200 ++++ apps/CA.sh 2010-04-01 00:35:02.600553509 +0200 +@@ -68,7 +68,7 @@ + X509="$OPENSSL x509" + PKCS12="openssl pkcs12" + +-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi ++if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi + CAKEY=./cakey.pem + CAREQ=./careq.pem + CACERT=./cacert.pem +--- apps/openssl.cnf 2009-04-04 20:09:43.000000000 +0200 ++++ apps/openssl.cnf 2010-04-01 00:35:02.607220681 +0200 +@@ -39,7 +39,7 @@ + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/ssl # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. diff --git a/no-rpath.patch b/no-rpath.patch new file mode 100644 index 000000000000..ebd95e23d397 --- /dev/null +++ b/no-rpath.patch @@ -0,0 +1,11 @@ +--- Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200 ++++ Makefile.shared 2005-11-16 22:35:37.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/ssl3-test-failure.patch b/ssl3-test-failure.patch new file mode 100644 index 000000000000..d161c3d4a593 --- /dev/null +++ b/ssl3-test-failure.patch @@ -0,0 +1,26 @@ +From: Kurt Roeckx <kurt@roeckx.be> +Date: Sun, 6 Sep 2015 16:04:11 +0200 +Subject: Disable SSLv3 test in test suite + +When testing SSLv3 the test program returns 0 for skip. The test for weak DH +expects a failure, but gets success. + +It should probably be changed to return something other than 0 for a skipped +test. +--- + test/testssl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/testssl b/test/testssl +index 747e4ba..1e4370b 100644 +--- a/test/testssl ++++ b/test/testssl +@@ -160,7 +160,7 @@ test_cipher() { + } + + echo "Testing ciphersuites" +-for protocol in TLSv1.2 SSLv3; do ++for protocol in TLSv1.2; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + test_cipher $cipher $protocol |