Arch Linux User Repository

Note for anyone installing this package, if you add no-tests to the configure step the build is 99x faster since it doesn't build and run the entire test suite!

my build is failing updating from 3.4.0-1 -> 3.4.1-1

Test Summary Report

82-test_ocsp_cert_chain.t (Wstat: 256 (exited 1) Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=325, Tests=3819, 28 wallclock secs ( 5.78 usr 0.56 sys + 314.45 cusr 98.68 csys = 419.47 CPU) Result: FAIL

should I create an openssl issue for this?

I am now the maintainer of this package. It will remain in sync with upstream since there isn't any difference except the staticlibs option.

Can I get co-maintainer on this?

An upgrade to the next version v3.1.3 can be made with this small patch.

diff --git a/PKGBUILD b/PKGBUILD
index 2b4c26d..eeffbc8 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@

 pkgname=openssl-static
 _pkgname=openssl
-_ver=3.1.2
+_ver=3.1.3
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 pkgrel=1
@@ -21,7 +21,7 @@ options=('staticlibs')
 conflicts=('openssl')
 source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"{,.asc}
    'ca-dir.patch')
-sha256sums=('a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539'
+sha256sums=('f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6'
             'SKIP'
             '0a32d9ca68e8d985ce0bfef6a4c20b46675e06178cc2d0bf6d91bd6865d648b7')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491'

Is this package still useful to keep for any specific purpose?

As far as I can tell, no other package depends on this particular build.

For v3.0.9, the following diff applied to the PKGBUILD works:

diff --git a/PKGBUILD b/PKGBUILD
index c5ed629..e9d29a0 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@

 pkgname=openssl-static
 _pkgname=openssl
-_ver=3.0.8
+_ver=3.0.9
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 pkgrel=1
@@ -21,7 +21,7 @@ options=('staticlibs')
 conflicts=('openssl')
 source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"{,.asc}
    'ca-dir.patch')
-sha256sums=('6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e'
+sha256sums=('eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90'
             'SKIP'
             '0a32d9ca68e8d985ce0bfef6a4c20b46675e06178cc2d0bf6d91bd6865d648b7')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491'

The following patch works for building openssl-3.0.7-static

diff --git a/PKGBUILD b/PKGBUILD
index e9abf28..3c0f987 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,10 +4,10 @@

 pkgname=openssl-static
 _pkgname=openssl
-_ver=1.1.1q
+_ver=3.0.7
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
-pkgrel=1
+pkgrel=2
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (with static libs)'
 arch=('x86_64')
 url='https://www.openssl.org'
@@ -18,21 +18,22 @@ optdepends=('ca-certificates' 'perl')
 replaces=('openssl-perl' 'openssl-doc')
 backup=('etc/ssl/openssl.cnf')
 options=('staticlibs')
-provides=("openssl=$pkgver")
+provides=("openssl=$pkgver" 'libcrypto.so' 'libssl.so')
 conflicts=('openssl')
 source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"{,.asc}
    'ca-dir.patch')
-sha256sums=('d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca'
+sha256sums=('83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e'
             'SKIP'
-            '75aa8c2c638c8a3ebfd9fa146fc61c7ff878fc997dc6aa10d39e4b2415d669b2')
+            '0a32d9ca68e8d985ce0bfef6a4c20b46675e06178cc2d0bf6d91bd6865d648b7')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491'
-   '7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C')
+   '7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C'
+   'A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C')

 prepare() {
    cd "$srcdir/$_pkgname-$_ver"

    # set ca dir to /etc/ssl by default
-   patch -p0 -i "$srcdir/ca-dir.patch"
+   patch -Np1 -i "$srcdir/ca-dir.patch"
 }

 build() {
@@ -53,11 +54,11 @@ check() {

    # the test fails due to missing write permissions in /etc/ssl
    # revert this patch for make test
-   patch -p0 -R -i "$srcdir/ca-dir.patch"
+   patch -Rp1 -i  "$srcdir/ca-dir.patch"

    make test

-   patch -p0 -i "$srcdir/ca-dir.patch"
+   patch -Np1 -i "$srcdir/ca-dir.patch"
    # re-run make to re-generate CA.pl from th patched .in file.
    make apps/CA.pl
 }
@@ -67,5 +68,5 @@ package() {

    make DESTDIR="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs

-   install -D -m644 LICENSE "$pkgdir/usr/share/licenses/$_pkgname/LICENSE"
+   install -D -m644 LICENSE.txt "$pkgdir/usr/share/licenses/$_pkgname/LICENSE.txt"
 }
diff --git a/ca-dir.patch b/ca-dir.patch
index d0ad704..ba05eae 100644
--- a/ca-dir.patch
+++ b/ca-dir.patch
@@ -1,17 +1,17 @@
---- apps/CA.pl.in  2019-09-10 15:13:07.000000000 +0200
-+++ apps/CA.pl.in  2019-10-06 09:34:23.960864556 +0200
-@@ -33,7 +33,7 @@
+--- a/apps/CA.pl.in
++++ b/apps/CA.pl.in
+@@ -29,7 +29,7 @@
  my $PKCS12 = "$openssl pkcs12";

- # default openssl.cnf file has setup as per the following
+ # Default values for various configuration settings.
 -my $CATOP = "./demoCA";
 +my $CATOP = "/etc/ssl";
  my $CAKEY = "cakey.pem";
  my $CAREQ = "careq.pem";
  my $CACERT = "cacert.pem";
---- apps/openssl.cnf   2019-09-10 15:13:07.000000000 +0200
-+++ apps/openssl.cnf   2019-10-06 09:34:23.960864556 +0200
-@@ -42,7 +42,7 @@
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -79,7 +79,7 @@
  ####################################################################
  [ CA_default ]

@@ -20,7 +20,7 @@
  certs     = $dir/certs        # Where the issued certs are kept
  crl_dir       = $dir/crl      # Where the issued crl are kept
  database  = $dir/index.txt    # database index file.
-@@ -325,7 +325,7 @@
+@@ -309,7 +309,7 @@
  [ tsa_config1 ]

  # These are used by the TSA reply generation only.