summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorehs20132016-06-19 00:04:32 +0800
committerehs20132016-06-19 00:04:32 +0800
commitc9e2e183b2eac07633531660dea0bfd527b27c54 (patch)
treeaa34392311c114055d3517fd206affbee9da7d02
downloadaur-c9e2e183b2eac07633531660dea0bfd527b27c54.tar.gz
Initial commit
-rw-r--r--.SRCINFO26
-rw-r--r--PKGBUILD79
-rw-r--r--ca-dir.patch33
-rw-r--r--no-rpath.patch11
-rw-r--r--ssl3-test-failure.patch26
5 files changed, 175 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 00000000000..cbe32a0750e
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,26 @@
+pkgbase = openssl-static
+ pkgdesc = The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (static library)
+ pkgver = 1.0.2.h
+ pkgrel = 1
+ url = https://www.openssl.org
+ arch = i686
+ arch = x86_64
+ license = custom:BSD
+ depends = perl
+ optdepends = openssl: headers and pkg-config files
+ options = !makeflags
+ options = staticlibs
+ source = https://www.openssl.org/source/openssl-1.0.2h.tar.gz
+ source = https://www.openssl.org/source/openssl-1.0.2h.tar.gz.asc
+ source = no-rpath.patch
+ source = ssl3-test-failure.patch
+ source = ca-dir.patch
+ validpgpkeys = 8657ABB260F056B1E5190839D9C4D26D0E604491
+ md5sums = 9392e65072ce4b614c1392eefc1f23d0
+ md5sums = SKIP
+ md5sums = dc78d3d06baffc16217519242ce92478
+ md5sums = 62fc492252edd3283871632bb77fadbe
+ md5sums = 3bf51be3a1bbd262be46dc619f92aa90
+
+pkgname = openssl-static
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 00000000000..35438762066
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,79 @@
+# $Id$
+# Maintainer: Pierre Schmitz <pierre@archlinux.de>
+
+pkgname=openssl-static
+_pkgname=openssl
+_ver=1.0.2h
+# use a pacman compatible version scheme
+pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
+#pkgver=$_ver
+pkgrel=1
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (static library)'
+arch=('i686' 'x86_64')
+url='https://www.openssl.org'
+license=('custom:BSD')
+depends=('perl')
+optdepends=('openssl: headers and pkg-config files')
+options=('!makeflags' 'staticlibs')
+#backup=('etc/ssl/openssl.cnf')
+source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"
+ "https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz.asc"
+ 'no-rpath.patch'
+ 'ssl3-test-failure.patch'
+ 'ca-dir.patch')
+md5sums=('9392e65072ce4b614c1392eefc1f23d0'
+ 'SKIP'
+ 'dc78d3d06baffc16217519242ce92478'
+ '62fc492252edd3283871632bb77fadbe'
+ '3bf51be3a1bbd262be46dc619f92aa90')
+validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
+
+prepare() {
+ cd $srcdir/$_pkgname-$_ver
+
+ # remove rpath: http://bugs.archlinux.org/task/14367
+ patch -p0 -i $srcdir/no-rpath.patch
+
+ # disable a test that fails when ssl3 is disabled
+ patch -p1 -i $srcdir/ssl3-test-failure.patch
+
+ # set ca dir to /etc/ssl by default
+ patch -p0 -i $srcdir/ca-dir.patch
+}
+
+build() {
+ cd $srcdir/$_pkgname-$_ver
+
+ if [ "${CARCH}" == 'x86_64' ]; then
+ openssltarget='linux-x86_64'
+ optflags='enable-ec_nistp_64_gcc_128'
+ elif [ "${CARCH}" == 'i686' ]; then
+ openssltarget='linux-elf'
+ optflags=''
+ fi
+
+ # mark stack as non-executable: http://bugs.archlinux.org/task/12434
+ ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
+ no-shared no-ssl3-method ${optflags} \
+ "${openssltarget}" \
+ "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
+
+ make depend -j
+ make -j
+}
+
+check() {
+ cd $srcdir/$_pkgname-$_ver
+ # the test fails due to missing write permissions in /etc/ssl
+ # revert this patch for make test
+ patch -p0 -R -i $srcdir/ca-dir.patch
+ #make test
+ patch -p0 -i $srcdir/ca-dir.patch
+}
+
+package() {
+ cd $srcdir/$_pkgname-$_ver
+ make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install
+ rm -rf "$pkgdir/usr/"{bin,include,share,lib/engines,lib/pkgconfig} $pkgdir/usr/lib/*.so* $pkgdir/etc
+ install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
+}
diff --git a/ca-dir.patch b/ca-dir.patch
new file mode 100644
index 00000000000..41d1386d3d0
--- /dev/null
+++ b/ca-dir.patch
@@ -0,0 +1,33 @@
+--- apps/CA.pl.in 2006-04-28 02:30:49.000000000 +0200
++++ apps/CA.pl.in 2010-04-01 00:35:02.600553509 +0200
+@@ -53,7 +53,7 @@
+ $X509="$openssl x509";
+ $PKCS12="$openssl pkcs12";
+
+-$CATOP="./demoCA";
++$CATOP="/etc/ssl";
+ $CAKEY="cakey.pem";
+ $CAREQ="careq.pem";
+ $CACERT="cacert.pem";
+--- apps/CA.sh 2009-10-15 19:27:47.000000000 +0200
++++ apps/CA.sh 2010-04-01 00:35:02.600553509 +0200
+@@ -68,7 +68,7 @@
+ X509="$OPENSSL x509"
+ PKCS12="openssl pkcs12"
+
+-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
++if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
+ CAKEY=./cakey.pem
+ CAREQ=./careq.pem
+ CACERT=./cacert.pem
+--- apps/openssl.cnf 2009-04-04 20:09:43.000000000 +0200
++++ apps/openssl.cnf 2010-04-01 00:35:02.607220681 +0200
+@@ -39,7 +39,7 @@
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/ssl # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
diff --git a/no-rpath.patch b/no-rpath.patch
new file mode 100644
index 00000000000..ebd95e23d39
--- /dev/null
+++ b/no-rpath.patch
@@ -0,0 +1,11 @@
+--- Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200
++++ Makefile.shared 2005-11-16 22:35:37.000000000 +0100
+@@ -153,7 +153,7 @@
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
+ #This is rather special. It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/ssl3-test-failure.patch b/ssl3-test-failure.patch
new file mode 100644
index 00000000000..d161c3d4a59
--- /dev/null
+++ b/ssl3-test-failure.patch
@@ -0,0 +1,26 @@
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Sun, 6 Sep 2015 16:04:11 +0200
+Subject: Disable SSLv3 test in test suite
+
+When testing SSLv3 the test program returns 0 for skip. The test for weak DH
+expects a failure, but gets success.
+
+It should probably be changed to return something other than 0 for a skipped
+test.
+---
+ test/testssl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/testssl b/test/testssl
+index 747e4ba..1e4370b 100644
+--- a/test/testssl
++++ b/test/testssl
+@@ -160,7 +160,7 @@ test_cipher() {
+ }
+
+ echo "Testing ciphersuites"
+-for protocol in TLSv1.2 SSLv3; do
++for protocol in TLSv1.2; do
+ echo "Testing ciphersuites for $protocol"
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+ test_cipher $cipher $protocol