Context Navigation

openssl.SlackBuild.orig @ f9ce31e

perl-5.22

Last change on this file since f9ce31e was f9ce31e, checked in by Edwin Eefting <edwin@datux.nl>, 7 years ago
updated to openssl 1.1.x, added ca-certificates. cleanup
Property mode set to `100755`
File size: 8.9 KB

Line
1	#!/bin/bash
2
3	# Copyright 2000 BSDi, Inc. Concord, CA, USA
4	# Copyright 2001, 2002 Slackware Linux, Inc. Concord, CA, USA
5	# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA
6	# All rights reserved.
7	#
8	# Redistribution and use of this script, with or without modification, is
9	# permitted provided that the following conditions are met:
10	#
11	# 1. Redistributions of this script must retain the above copyright
12	# notice, this list of conditions and the following disclaimer.
13	#
14	# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
15	# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16	# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
17	# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18	# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19	# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
20	# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
21	# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22	# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
23	# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24
25	# Set initial variables:
26	cd $(dirname $0) ; CWD=$(pwd)
27	TMP=${TMP:-/tmp}
28
29	PKGNAM=openssl
30	VERSION=${VERSION:-$(echo openssl-*.tar.gz \| rev \| cut -f 3- -d . \| cut -f 1 -d - \| rev)}
31	BUILD=${BUILD:-2}
32
33	# Automatically determine the architecture we're building on:
34	if [ -z "$ARCH" ]; then
35	case "$( uname -m )" in
36	i?86) export ARCH=i586 ;;
37	arm*) export ARCH=arm ;;
38	# Unless $ARCH is already set, use uname -m for all other archs:
39	*) export ARCH=$( uname -m ) ;;
40	esac
41	fi
42
43	PKG1=$TMP/package-openssl
44	PKG2=$TMP/package-ossllibs
45	NAME1=openssl-$VERSION-$ARCH-$BUILD
46	NAME2=openssl-solibs-$VERSION-$ARCH-$BUILD
47
48	# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
49	# the name of the created package would be, and then exit. This information
50	# could be useful to other scripts.
51	if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
52	echo "${NAME1}.txz"
53	echo "${NAME2}.txz"
54	exit 0
55	fi
56
57	# Parallel build doesn't link properly.
58	#NUMJOBS=${NUMJOBS:--j6}
59
60	# So that ls has the right field counts for parsing...
61	export LC_ALL=C
62
63	cd $TMP
64	rm -rf $PKG1 $PKG2 openssl-$VERSION
65
66	tar xvf $CWD/openssl-$VERSION.tar.gz \|\| exit 1
67	cd openssl-$VERSION
68
69	# Fix pod syntax errors which are fatal wih a newer perl:
70	find . -name "*.pod" -exec sed -i "s/^\=item $[0-9]$$\ \\|$$/\=item C<\1>/g" {} \;
71
72	## For openssl-1.1.x, don't try to change the soname.
73	## Use .so.1, not .so.1.0.0:
74	#sed -i "s/soname=\$\$SHLIB\$\$SHLIB_SOVER\$\$SHLIB_SUFFIX/soname=\$\$SHLIB.1/g" Makefile.shared
75
76	if [ "$ARCH" = "i586" ]; then
77	# Build with -march=i586 -mtune=i686:
78	sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i586 -mtune=i686/g" Configure
79	LIBDIRSUFFIX=""
80	elif [ "$ARCH" = "i686" ]; then
81	# Build with -march=i686 -mtune=i686:
82	sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure
83	LIBDIRSUFFIX=""
84	elif [ "$ARCH" = "x86_64" ]; then
85	LIBDIRSUFFIX="64"
86	fi
87
88	# OpenSSL has a (nasty?) habit of bumping the internal version number with
89	# every release. This wouldn't be so bad, but some applications are so
90	# paranoid that they won't run against a different OpenSSL version than
91	# what they were compiled against, whether or not the ABI has changed.
92	#
93	# So, we will use the OPENSSL_VERSION_NUMBER from openssl-1.1.0h unless ABI
94	# breakage forces it to change. Yes, we're finally using this old trick. :)
95	sed -i "s/#define OPENSSL_VERSION_NUMBER./\/ Use 0x1010008fL (1.1.0h) below to avoid pointlessly breaking the ABI *\/\n#define OPENSSL_VERSION_NUMBER 0x1000205fL/g" include/openssl/opensslv.h \|\| exit 1
96
97	chown -R root:root .
98	mkdir -p $PKG1/usr/doc/openssl-$VERSION
99	cp -a ACKNOWLEDGEMENTS AUTHORS CHANGES* CONTRIBUTING FAQ INSTALL* \
100	LICENSE* NEWS NOTES* README* doc \
101	$PKG1/usr/doc/openssl-$VERSION
102	find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \;
103	find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \;
104
105	# If there's a CHANGES file, installing at least part of the recent history
106	# is useful, but don't let it get totally out of control:
107	if [ -r CHANGES ]; then
108	DOCSDIR=$(echo $PKG1/usr/doc/*-$VERSION)
109	cat CHANGES \| head -n 2000 > $DOCSDIR/CHANGES
110	touch -r CHANGES $DOCSDIR/CHANGES
111	fi
112
113	# These are the known patent issues with OpenSSL:
114	# name # expires
115	# MDC-2: 4,908,861 2007-03-13, not included.
116	# IDEA: 5,214,703 2010-05-25, not included.
117	#
118	# Although all of the above are expired, it's still probably
119	# not a good idea to include them as there are better
120	# algorithms to use.
121
122	./config \
123	--prefix=/usr \
124	--openssldir=/etc/ssl \
125	zlib \
126	enable-camellia \
127	enable-seed \
128	enable-rfc3779 \
129	enable-cms \
130	enable-md2 \
131	enable-rc5 \
132	enable-ssl3 \
133	enable-ssl3-method \
134	no-weak-ssl-ciphers \
135	no-mdc2 \
136	no-ec2m \
137	no-idea \
138	no-sse2 \
139	shared
140
141	make $NUMJOBS depend \|\| make depend \|\| exit 1
142
143	make $NUMJOBS \|\| make \|\| exit 1
144
145	make install DESTDIR=$PKG1 \|\| exit 1
146
147	# No thanks on the static libraries:
148	rm -f $PKG1/usr/lib${LIBDIRSUFFIX}/*.a
149
150	# No thanks on manpages duplicated as html:
151	rm -rf $PKG1/usr/share/doc
152
153	# Make the .so.? library symlinks:
154	( cd $PKG1/usr/lib${LIBDIRSUFFIX} ; ldconfig -l lib.so. )
155
156	# Move libraries, as they might be needed by programs that bring a network
157	# mounted /usr online:
158
159	mkdir $PKG1/lib${LIBDIRSUFFIX}
160	( cd $PKG1/usr/lib${LIBDIRSUFFIX}
161	for file in lib.so.?. ; do
162	mv $file ../../lib${LIBDIRSUFFIX}
163	ln -sf ../../lib${LIBDIRSUFFIX}/$file .
164	done
165	# cp -a lib*.so.? ../../lib${LIBDIRSUFFIX}
166	)
167
168	# Add a cron script to warn root if a certificate is going to expire soon:
169	mkdir -p $PKG1/etc/cron.daily
170	zcat $CWD/certwatch.gz > $PKG1/etc/cron.daily/certwatch.new
171	chmod 755 $PKG1/etc/cron.daily/certwatch.new
172
173	# Make config file non-clobber:
174	mv $PKG1/etc/ssl/openssl.cnf $PKG1/etc/ssl/openssl.cnf.new
175
176	# Remove duplicate config file:
177	rm -f $PKG1/etc/ssl/openssl.cnf.dist
178
179	( cd $PKG1
180	find . \| xargs file \| grep "executable" \| grep ELF \| cut -f 1 -d : \| xargs strip --strip-unneeded 2> /dev/null
181	find . \| xargs file \| grep "shared object" \| grep ELF \| cut -f 1 -d : \| xargs strip --strip-unneeded 2> /dev/null
182	)
183
184	# Relocate the manpages:
185	mv $PKG1/usr/share/man $PKG1/usr
186	rmdir $PKG1/usr/share
187
188	# Fix manpage name collisions, and relink anything that linked to the old name:
189	( cd $PKG1/usr/man/man1
190	mv passwd.1 ssl_passwd.1
191	for file in *.1 ; do
192	if [ -L $file ]; then
193	if [ "$(readlink $file)" = "passwd.1" ]; then
194	rm -f $file
195	ln -sf ssl_passwd.1 $file
196	fi
197	fi
198	done )
199
200	# Compress and symlink the man pages:
201	if [ -d $PKG1/usr/man ]; then
202	( cd $PKG1/usr/man
203	for manpagedir in $(find . -type d -name "man*") ; do
204	( cd $manpagedir
205	for eachpage in $( find . -type l -maxdepth 1) ; do
206	ln -s $( readlink $eachpage ).gz $eachpage.gz
207	rm $eachpage
208	done
209	gzip -9 *.?
210	)
211	done
212	)
213	fi
214
215	# If there's an openssl1 directory, then build openssl-1.0 shared libraries for
216	# compatibility with programs linked to those:
217	if [ -d $CWD/openssl1 ]; then
218	( cd $CWD/openssl1
219	./openssl1.build \|\| exit 1
220	) \|\| exit 1
221	# Don't put these in the openssl package... openssl-solibs is enough.
222	#mkdir -p $PKG1/lib${LIBDIRSUFFIX}
223	#cp -a $TMP/package-openssl1/usr/lib/lib*.so.?.?.? $PKG1/lib${LIBDIRSUFFIX}
224	#( cd $PKG1/lib${LIBDIRSUFFIX} ; ldconfig -l lib*.so.?.?.? )
225	mkdir -p $PKG2/lib${LIBDIRSUFFIX}
226	cp -a $TMP/package-openssl1/usr/lib${LIBDIRSUFFIX}/lib*.so.?.?.? $PKG2/lib${LIBDIRSUFFIX}
227	( cd $PKG2/lib${LIBDIRSUFFIX} ; ldconfig -l lib*.so.?.?.? )
228	fi
229
230	cd $PKG1
231	chmod 755 usr/lib${LIBDIRSUFFIX}/pkgconfig
232	sed -i -e "s#lib\$#lib${LIBDIRSUFFIX}#" usr/lib${LIBDIRSUFFIX}/pkgconfig/*.pc
233	mkdir -p install
234	zcat $CWD/doinst.sh-openssl.gz > install/doinst.sh
235	cat $CWD/slack-desc.openssl > install/slack-desc
236	/sbin/makepkg -l y -c n $TMP/${NAME1}.txz
237
238	# Make runtime package:
239	mkdir -p $PKG2/lib${LIBDIRSUFFIX}
240	( cd lib${LIBDIRSUFFIX} ; cp -a lib.so. $PKG2/lib${LIBDIRSUFFIX} )
241	( cd $PKG2/lib${LIBDIRSUFFIX} ; ldconfig -l * )
242	mkdir -p $PKG2/etc
243	( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . )
244	mkdir -p $PKG2/usr/doc/openssl-$VERSION
245	( cd $TMP/openssl-$VERSION
246	cp -a ACKNOWLEDGEMENTS AUTHORS CHANGES* CONTRIBUTING FAQ INSTALL* \
247	LICENSE* NEWS NOTES* README* $PKG2/usr/doc/openssl-$VERSION
248	# If there's a CHANGES file, installing at least part of the recent history
249	# is useful, but don't let it get totally out of control:
250	if [ -r CHANGES ]; then
251	DOCSDIR=$(echo $PKG2/usr/doc/*-$VERSION)
252	cat CHANGES \| head -n 2000 > $DOCSDIR/CHANGES
253	touch -r CHANGES $DOCSDIR/CHANGES
254	fi
255	)
256
257	find $PKG2/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \;
258	find $PKG2/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \;
259	cd $PKG2
260	mkdir -p install
261	zcat $CWD/doinst.sh-openssl-solibs.gz > install/doinst.sh
262	cat $CWD/slack-desc.openssl-solibs > install/slack-desc
263	/sbin/makepkg -l y -c n $TMP/${NAME2}.txz

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format