blob: 1e82d0dbe3be688cff6f0445b7a688737324dcf0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
# $Id$
# Maintainer: Allen Zhong <moeallenz@gmail.com>
# Maintainer: Yishen Miao <mys721tx@gmail.com>
# Contributor: Pierre Schmitz <pierre@archlinux.de>
_pkgname=openssl-1.0
pkgname=${_pkgname}-chacha20
_ver=1.0.2u
# use a pacman compatible version scheme
pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
#pkgver=$_ver
pkgrel=1
pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security with Chacha20 cipher'
arch=('x86_64')
url='https://www.openssl.org'
license=('custom:BSD')
depends=('perl')
optdepends=('ca-certificates')
options=('!makeflags')
backup=('etc/ssl/openssl.cnf')
conflicts=('openssl-1.0')
provides=("openssl-1.0=${pkgver}")
source=("https://www.openssl.org/source/openssl-${_ver}.tar.gz"
"https://www.openssl.org/source/openssl-${_ver}.tar.gz.asc"
'no-rpath.patch'
'ssl3-test-failure.patch'
'openssl-1.0-versioned-symbols.patch'
'openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch')
sha256sums=('ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16'
'SKIP'
'754d6107a306311e15a1db6a1cc031b81691c8b9865e8809ac60ca6f184c957c'
'c54ae87c602eaa1530a336ab7c6e22e12898e1941012349c153e52553df64a13'
'9826076af410ac72180f9efbbcc53d0a31915e8a7d659308e8a53407edfb0fcc'
'd6f9427d5cb63c7299563c201cd8708c7166e0f8c98b57a1fee69767362bf0f7')
validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
prepare() {
cd $srcdir/openssl-$_ver
# Cloudflare patch
# https://github.com/cloudflare/sslconfig/blob/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
patch -p1 -i $srcdir/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
# remove rpath: http://bugs.archlinux.org/task/14367
patch -p0 -i $srcdir/no-rpath.patch
# disable a test that fails when ssl3 is disabled
patch -p1 -i $srcdir/ssl3-test-failure.patch
# add symbol versioning to prevent conflicts with openssl 1.1 symbols (Debian)
patch -p1 -i "$srcdir"/openssl-1.0-versioned-symbols.patch
}
build() {
cd "$srcdir/openssl-$_ver"
export CC=gcc
export CXX=g++
if [ "${CARCH}" == 'x86_64' ]; then
openssltarget='linux-x86_64'
optflags='enable-ec_nistp_64_gcc_128'
elif [ "${CARCH}" == 'i686' ]; then
openssltarget='linux-elf'
optflags=''
fi
# mark stack as non-executable: http://bugs.archlinux.org/task/12434
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib/openssl-1.0 \
shared no-ssl3-method ${optflags} \
"${openssltarget}" \
"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
make depend
make
}
check() {
cd "$srcdir/openssl-$_ver"
# the test fails due to missing write permissions in /etc/ssl
# revert this patch for make test
make test
}
package() {
cd "$srcdir/openssl-$_ver"
make INSTALL_PREFIX="$pkgdir" install_sw
# Move some files around
install -m755 -d "$pkgdir/usr/include/openssl-1.0"
mv "$pkgdir/usr/include/openssl" "$pkgdir/usr/include/openssl-1.0/"
mv "$pkgdir/usr/lib/openssl-1.0/libcrypto.so.1.0.0" "$pkgdir/usr/lib/"
mv "$pkgdir/usr/lib/openssl-1.0/libssl.so.1.0.0" "$pkgdir/usr/lib/"
ln -sf ../libssl.so.1.0.0 "$pkgdir/usr/lib/openssl-1.0/libssl.so"
ln -sf ../libcrypto.so.1.0.0 "$pkgdir/usr/lib/openssl-1.0/libcrypto.so"
mv "$pkgdir/usr/bin/openssl" "$pkgdir/usr/bin/openssl-1.0"
# Update includedir in .pc files
sed -e 's|/include$|/include/openssl-1.0|' -i "$pkgdir"/usr/lib/openssl-1.0/pkgconfig/*.pc
rm -rf "$pkgdir"/{etc,usr/bin/c_rehash}
install -D -m644 LICENSE $pkgdir/usr/share/licenses/${_pkgname}/LICENSE
}
|