diff options
| -rw-r--r-- | .SRCINFO | 28 | ||||
| -rw-r--r-- | PKGBUILD | 78 | ||||
| -rw-r--r-- | ca-dir.patch | 33 | ||||
| -rw-r--r-- | no-rpath.patch | 11 | ||||
| -rw-r--r-- | openssl-1.0.2d.tar.gz.asc | 11 | ||||
| -rw-r--r-- | openssl__noaesni.patch | 11 |
6 files changed, 172 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..fd00b32e4420 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,28 @@ +pkgbase = openssl-no-aesni + pkgdesc = The Open Source toolkit for Secure Sockets Layer and Transport Layer Security without AES-NI + pkgver = 1.0.2.d + pkgrel = 1 + url = https://www.openssl.org + arch = i686 + arch = x86_64 + license = custom:BSD + depends = zlib + depends = perl + optdepends = ca-certificates + provides = openssl=1.0.2.d + conflicts = openssl + options = !makeflags + backup = etc/ssl/openssl.cnf + source = https://www.openssl.org/source/openssl-1.0.2d.tar.gz + source = https://www.openssl.org/source/openssl-1.0.2d.tar.gz.asc + source = no-rpath.patch + source = ca-dir.patch + source = openssl__noaesni.patch + md5sums = 38dd619b2e77cbac69b99f52a053d25a + md5sums = SKIP + md5sums = dc78d3d06baffc16217519242ce92478 + md5sums = 3bf51be3a1bbd262be46dc619f92aa90 + md5sums = f274976a0c17e82c917ed163401d82b9 + +pkgname = openssl-no-aesni + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..b365b3031470 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,78 @@ +# $Id$ +# Maintainer: Pierre Schmitz <pierre@archlinux.de> + +_pkgname=openssl +pkgname=${_pkgname}-no-aesni +_ver=1.0.2d +# use a pacman compatible version scheme +pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} +#pkgver=$_ver +pkgrel=1 +pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security without AES-NI' +arch=('i686' 'x86_64') +url='https://www.openssl.org' +license=('custom:BSD') +depends=('zlib' 'perl') +conflicts=('openssl') +provides=("openssl=${pkgver}") +optdepends=('ca-certificates') +options=('!makeflags') +backup=('etc/ssl/openssl.cnf') +source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz" + "https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz.asc" + 'no-rpath.patch' + 'ca-dir.patch' + 'openssl__noaesni.patch') +md5sums=('38dd619b2e77cbac69b99f52a053d25a' + 'SKIP' + 'dc78d3d06baffc16217519242ce92478' + '3bf51be3a1bbd262be46dc619f92aa90' + 'f274976a0c17e82c917ed163401d82b9') +validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491') + +prepare() { + cd $srcdir/$_pkgname-$_ver + + # remove rpath: http://bugs.archlinux.org/task/14367 + patch -p0 -i $srcdir/no-rpath.patch + # set ca dir to /etc/ssl by default + patch -p0 -i $srcdir/ca-dir.patch + # patch for no aes-ni + patch -p0 -i $srcdir/openssl__noaesni.patch +} + +build() { + cd $srcdir/$_pkgname-$_ver + + if [ "${CARCH}" == 'x86_64' ]; then + openssltarget='linux-x86_64' + optflags='enable-ec_nistp_64_gcc_128' + elif [ "${CARCH}" == 'i686' ]; then + openssltarget='linux-elf' + optflags='' + fi + + # mark stack as non-executable: http://bugs.archlinux.org/task/12434 + ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ + shared zlib ${optflags} \ + "${openssltarget}" \ + "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" + + make depend + make +} + +check() { + cd $srcdir/$_pkgname-$_ver + # the test fails due to missing write permissions in /etc/ssl + # revert this patch for make test + patch -p0 -R -i $srcdir/ca-dir.patch + make test + patch -p0 -i $srcdir/ca-dir.patch +} + +package() { + cd $srcdir/$_pkgname-$_ver + make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install + install -D -m644 LICENSE $pkgdir/usr/share/licenses/$_pkgname/LICENSE +} diff --git a/ca-dir.patch b/ca-dir.patch new file mode 100644 index 000000000000..41d1386d3d06 --- /dev/null +++ b/ca-dir.patch @@ -0,0 +1,33 @@ +--- apps/CA.pl.in 2006-04-28 02:30:49.000000000 +0200 ++++ apps/CA.pl.in 2010-04-01 00:35:02.600553509 +0200 +@@ -53,7 +53,7 @@ + $X509="$openssl x509"; + $PKCS12="$openssl pkcs12"; + +-$CATOP="./demoCA"; ++$CATOP="/etc/ssl"; + $CAKEY="cakey.pem"; + $CAREQ="careq.pem"; + $CACERT="cacert.pem"; +--- apps/CA.sh 2009-10-15 19:27:47.000000000 +0200 ++++ apps/CA.sh 2010-04-01 00:35:02.600553509 +0200 +@@ -68,7 +68,7 @@ + X509="$OPENSSL x509" + PKCS12="openssl pkcs12" + +-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi ++if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi + CAKEY=./cakey.pem + CAREQ=./careq.pem + CACERT=./cacert.pem +--- apps/openssl.cnf 2009-04-04 20:09:43.000000000 +0200 ++++ apps/openssl.cnf 2010-04-01 00:35:02.607220681 +0200 +@@ -39,7 +39,7 @@ + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/ssl # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. diff --git a/no-rpath.patch b/no-rpath.patch new file mode 100644 index 000000000000..ebd95e23d397 --- /dev/null +++ b/no-rpath.patch @@ -0,0 +1,11 @@ +--- Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200 ++++ Makefile.shared 2005-11-16 22:35:37.000000000 +0100 +@@ -153,7 +153,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/openssl-1.0.2d.tar.gz.asc b/openssl-1.0.2d.tar.gz.asc new file mode 100644 index 000000000000..bb3d9fbd88b7 --- /dev/null +++ b/openssl-1.0.2d.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAABAgAGBQJVnmMAAAoJENnE0m0OYESRFMAIALdJSJRX5Na77O4wTzrhE/O+ +0QU0MhqZikfEsngd5F47f5fwTGmXM3+oLJ3J94okqxuBeicAMq90MRxUe9cczUqr +qZ3MH5dMJ12rwaKnnyUH2Xl5Zg41px4tL7oD9piGJc52dKmEbX+t7dUKj/N3WglZ +uKYp7jxV0tdzZeQcuPIOxq74yGQuYTell+hHXKdlmYPrH8LL27ZUpVmGuCUrHBku +6+VDZVvRZFvTPy2IrIoI5e0lN9qUobyhoGUUICXYEaKMt1xenTWCi9CFzTEmrhjq +54Zp4CgVXj24PwNKJ42v3jgN4nVEsMSreD0SDyOh2d2kV0/51avX7KmHAjPYD6Y= +=U3sw +-----END PGP SIGNATURE----- diff --git a/openssl__noaesni.patch b/openssl__noaesni.patch new file mode 100644 index 000000000000..3711c2405b25 --- /dev/null +++ b/openssl__noaesni.patch @@ -0,0 +1,11 @@ +--- crypto/cryptlib.c 2015-11-11 18:59:56.930196694 +0100 ++++ crypto/cryptlib.c 2015-11-11 20:42:50.074557585 +0100 +@@ -702,7 +702,7 @@ + OPENSSL_ia32cap_P[2] = vecx; + } + } else +- vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); ++ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & (~0x200000200000000); + + /* + * |(1<<10) sets a reserved bit to signal that variable |