#!/bin/bash
# Copyright 2000 BSDi, Inc. Concord, CA, USA
# Copyright 2001, 2002 Slackware Linux, Inc. Concord, CA, USA
# Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Set initial variables:
cd $(dirname $0) ; CWD=$(pwd)
TMP=${TMP:-/tmp}
PKGNAM=openssl10
VERSION=${VERSION:-$(echo openssl-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
PKG1=$TMP/package-openssl10
PKG2=$TMP/package-ossllibs10
NAME1=openssl10-$VERSION-$ARCH-$BUILD
NAME2=openssl10-solibs-$VERSION-$ARCH-$BUILD
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "${NAME1}.txz"
echo "${NAME2}.txz"
exit 0
fi
# Parallel build doesn't link properly.
#NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
# So that ls has the right field counts for parsing...
export LC_ALL=C
cd $TMP
rm -rf $PKG1 $PKG2 openssl-$VERSION
tar xvf $CWD/openssl-$VERSION.tar.gz || exit 1
cd openssl-$VERSION
# OpenSSL-1.0.2 wiil require the use of versioned symbols in order to avoid
# collisions with OpenSSL-1.1.x symbols if something links to both:
zcat $CWD/openssl-1.0-versioned-symbols.patch.gz | patch -p1 --verbose || exit 1
# Fix pod syntax errors which are fatal wih a newer perl:
find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|$\)/\=item C<\1>/g" {} \;
# Use .so.1, not .so.1.0.0:
sed -i "s/soname=\$\$SHLIB\$\$SHLIB_SOVER\$\$SHLIB_SUFFIX/soname=\$\$SHLIB.1/g" Makefile.shared
if [ "$ARCH" = "i586" ]; then
# Build with -march=i586 -mtune=i686:
sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i586 -mtune=i686/g" Configure
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
# Build with -march=i686 -mtune=i686:
sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
LIBDIRSUFFIX="64"
fi
# OpenSSL has a (nasty?) habit of bumping the internal version number with
# every release. This wouldn't be so bad, but some applications are so
# paranoid that they won't run against a different OpenSSL version than
# what they were compiled against, whether or not the ABI has changed.
#
# So, we will use the OPENSSL_VERSION_NUMBER from openssl-1.0.2o unless ABI
# breakage forces it to change. Yes, we're finally using this old trick. :)
#
# Note: we updated this to 1.0.2o since introducing symbol versioning broke
# the ABI. Now we'll leave it alone again.
sed -i "s/#define OPENSSL_VERSION_NUMBER.*/\/* Use 0x100020ffL (1.0.2o) below to avoid pointlessly breaking the ABI *\/\n#define OPENSSL_VERSION_NUMBER 0x100020ffL/g" crypto/opensslv.h || exit 1
chown -R root:root .
mkdir -p $PKG1/usr/doc/openssl-$VERSION
cp -a CHANGES CHANGES.SSLeay FAQ INSTALL INSTALL.MacOS INSTALL.VMS INSTALL.W32 \
LICENSE NEWS README README.ENGINE $PKG1/usr/doc/openssl-$VERSION
find $PKG1/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \;
find $PKG1/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \;
# If there's a CHANGES file, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r CHANGES ]; then
DOCSDIR=$(echo $PKG1/usr/doc/*-$VERSION)
cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES
touch -r CHANGES $DOCSDIR/CHANGES
fi
# These are the known patent issues with OpenSSL:
# name # expires
# MDC-2: 4,908,861 2007-03-13, not included.
# IDEA: 5,214,703 2010-05-25, not included.
# RC5: 5,724,428 2015-03-03, not included.
#
# Although all of the above are expired, it's still probably
# not a good idea to include them as there are better
# algorithms to use.
./config \
--prefix=/usr \
--openssldir=/etc/ssl \
--libdir=lib${LIBDIRSUFFIX}/openssl-1.0 \
no-mdc2 \
no-idea \
no-rc5 \
no-sse2 \
no-ssl2 \
no-weak-ssl-ciphers \
shared
make $NUMJOBS depend || make depend || exit 1
make $NUMJOBS || make || exit 1
make install INSTALL_PREFIX=$PKG1 || exit 1
# No thanks on static libraries:
rm -f $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.0/*.a
# Make the .so.? library symlinks:
( cd $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.0 ; ldconfig -l lib*.so.* )
# Move libraries, as they might be needed by programs that bring a network
# mounted /usr online:
mkdir $PKG1/lib${LIBDIRSUFFIX}
( cd $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.0
for file in lib*.so.?.* ; do
mv $file ../../../lib${LIBDIRSUFFIX}
ln -sf ../../../lib${LIBDIRSUFFIX}/$file .
done
cp -a lib*.so.? ../../../lib${LIBDIRSUFFIX}
)
# Move include files:
mkdir -p $PKG1/usr/include/openssl-1.0
mv $PKG1/usr/include/openssl $PKG1/usr/include/openssl-1.0/openssl
# Edit .pc files to correct the includedir:
sed -e "s|/include$|/include/openssl-1.0|" -i $PKG1/usr/lib${LIBDIRSUFFIX}/openssl-1.0/pkgconfig/*.pc
# Rename openssl binary:
mv $PKG1/usr/bin/openssl $PKG1/usr/bin/openssl-1.0
# Don't package these things:
rm -rf $PKG1/etc $PKG1/usr/bin/c_rehash
# Not needed in openssl10 compat package.
#
## Add a cron script to warn root if a certificate is going to expire soon:
#mkdir -p $PKG1/etc/cron.daily
#zcat $CWD/certwatch.gz > $PKG1/etc/cron.daily/certwatch.new
#chmod 755 $PKG1/etc/cron.daily/certwatch.new
#mv $PKG1/etc/ssl/openssl.cnf $PKG1/etc/ssl/openssl.cnf.new
( cd $PKG1
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
#mv $PKG1/etc/ssl/man $PKG1/usr
## Fix manpage name collisions, and relink anything that linked to the old name:
#( cd $PKG1/usr/man/man1
# mv passwd.1 ssl_passwd.1
# for file in *.1 ; do
# if [ -L $file ]; then
# if [ "$(readlink $file)" = "passwd.1" ]; then
# rm -f $file
# ln -sf ssl_passwd.1 $file
# fi
# fi
# done )
#( cd $PKG1/usr/man/man3
# mv rand.3 ssl_rand.3
# for file in *.3 ; do
# if [ -L $file ]; then
# if [ "$(readlink $file)" = "rand.3" ]; then
# rm -f $file
# ln -sf ssl_rand.3 $file
# fi
# fi
# done )
#( cd $PKG1/usr/man/man3
# mv err.3 ssl_err.3
# for file in *.3 ; do
# if [ -L $file ]; then
# if [ "$(readlink $file)" = "err.3" ]; then
# rm -f $file
# ln -sf ssl_err.3 $file
# fi
# fi
# done )
#
## Compress and symlink the man pages:
#if [ -d $PKG1/usr/man ]; then
# ( cd $PKG1/usr/man
# for manpagedir in $(find . -type d -name "man*") ; do
# ( cd $manpagedir
# for eachpage in $( find . -type l -maxdepth 1) ; do
# ln -s $( readlink $eachpage ).gz $eachpage.gz
# rm $eachpage
# done
# gzip -9 *.?
# )
# done
# )
#fi
# If there's an openssl0 directory, then build openssl-0 shared libraries for
# compatibility with programs linked to those:
if [ -d $CWD/openssl0 ]; then
( cd $CWD/openssl0
./openssl0.build || exit 1
) || exit 1
# Don't put these in the openssl package... openssl-solibs is enough.
#mkdir -p $PKG1/lib${LIBDIRSUFFIX}
#cp -a $TMP/package-openssl0/usr/lib/lib*.so.?.?.? $PKG1/lib${LIBDIRSUFFIX}
#( cd $PKG1/lib${LIBDIRSUFFIX} ; ldconfig -l lib*.so.?.?.? )
mkdir -p $PKG2/lib${LIBDIRSUFFIX}
cp -a $TMP/package-openssl0/usr/lib/lib*.so.?.?.? $PKG2/lib${LIBDIRSUFFIX}
( cd $PKG2/lib${LIBDIRSUFFIX} ; ldconfig -l lib*.so.?.?.? )
fi
cd $PKG1
#chmod 755 usr/lib${LIBDIRSUFFIX}/pkgconfig
#sed -i -e "s#lib\$#lib${LIBDIRSUFFIX}#" usr/lib${LIBDIRSUFFIX}/pkgconfig/*.pc
mkdir -p install
cat $CWD/slack-desc.openssl10 > install/slack-desc
/sbin/makepkg -l y -c n $TMP/${NAME1}.txz
# Make runtime package:
mkdir -p $PKG2/lib${LIBDIRSUFFIX}
( cd lib${LIBDIRSUFFIX} ; cp -a lib*.so.* $PKG2/lib${LIBDIRSUFFIX} )
( cd $PKG2/lib${LIBDIRSUFFIX} ; ldconfig -l * )
#mkdir -p $PKG2/etc
#( cd $PKG2/etc ; cp -a $PKG1/etc/ssl . )
mkdir -p $PKG2/usr/doc/openssl-$VERSION
( cd $TMP/openssl-$VERSION
cp -a CHANGES CHANGES.SSLeay FAQ INSTALL INSTALL.MacOS INSTALL.VMS INSTALL.W32 \
LICENSE NEWS README README.ENGINE $PKG2/usr/doc/openssl-$VERSION
# If there's a CHANGES file, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r CHANGES ]; then
DOCSDIR=$(echo $PKG2/usr/doc/*-$VERSION)
cat CHANGES | head -n 2000 > $DOCSDIR/CHANGES
touch -r CHANGES $DOCSDIR/CHANGES
fi
)
find $PKG2/usr/doc/openssl-$VERSION -type d -exec chmod 755 {} \;
find $PKG2/usr/doc/openssl-$VERSION -type f -exec chmod 644 {} \;
cd $PKG2
mkdir -p install
cat $CWD/slack-desc.openssl10-solibs > install/slack-desc
/sbin/makepkg -l y -c n $TMP/${NAME2}.txz