[ipfire-2.x.git] / lfs / openssl

###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

###############################################################################
# Definitions
###############################################################################

include Config

VER        = 1.0.2n

THISAPP    = openssl-$(VER)
DL_FILE    = $(THISAPP).tar.gz
DL_FROM    = $(URL_IPFIRE)
DIR_APP    = $(DIR_SRC)/$(THISAPP)

TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)

ifneq "$(KCFG)" "-sse2"
CFLAGS += -DPURIFY
else
CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
CFLAGS+= -mindirect-branch=thunk -mfunction-return=thunk
CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
CFLAGS+= -fomit-frame-pointer -DPURIFY
CXXFLAGS="${CFLAGS}"
endif

export RPM_OPT_FLAGS = $(CFLAGS)

CONFIGURE_OPTIONS = \
	--prefix=/usr \
	--openssldir=/etc/ssl \
	--enginesdir=/usr/lib/openssl/engines \
	shared \
	zlib-dynamic \
	enable-camellia \
	enable-md2 \
	disable-ssl2 \
	enable-seed \
	enable-tlsext \
	enable-rfc3779 \
	no-idea \
	no-mdc2 \
	no-rc5 \
	no-srp \
	-DSSL_FORBID_ENULL \
	$(OPENSSL_ARCH)

ifeq "$(IS_64BIT)" "1"
	OPENSSL_ARCH = linux-generic64
else
	OPENSSL_ARCH = linux-generic32
endif

ifeq "$(BUILD_ARCH)" "aarch64"
	OPENSSL_ARCH = linux-aarch64
endif

ifeq "$(BUILD_ARCH)" "x86_64"
	OPENSSL_ARCH = linux-x86_64
endif

ifeq "$(BUILD_ARCH)" "i586"
	OPENSSL_ARCH = linux-elf

  ifneq "$(KCFG)" "-sse2"
	OPENSSL_ARCH += no-sse2
  endif
endif

###############################################################################
# Top-level Rules
###############################################################################

objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

$(DL_FILE)_MD5 = 13bdc1b1d1ff39b6fd42a255e74676a4

install : $(TARGET)

check : $(patsubst %,$(DIR_CHK)/%,$(objects))

download :$(patsubst %,$(DIR_DL)/%,$(objects))

md5 : $(subst %,%_MD5,$(objects))

###############################################################################
# Downloading, checking, md5sum
###############################################################################

$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	@$(CHECK)

$(patsubst %,$(DIR_DL)/%,$(objects)) :
	@$(LOAD)

$(subst %,%_MD5,$(objects)) :
	@$(MD5)

###############################################################################
# Installation Details
###############################################################################

$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	@$(PREBUILD)
	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch

	# i586 specific patches
ifeq "$(BUILD_ARCH)" "i586"
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
endif

	# With openssl 1.0.2e, pod2mantest is missing
	echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
	chmod a+x $(DIR_APP)/util/pod2mantest

	# Apply our CFLAGS
	cd $(DIR_APP) && sed -i Configure \
		-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"

	cd $(DIR_APP) && find crypto/ -name Makefile -exec \
		sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;

	cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)

	cd $(DIR_APP) && make depend
	cd $(DIR_APP) && make

ifeq "$(KCFG)" "-sse2"
	-mkdir -pv /usr/lib/sse2
	cd $(DIR_APP) && install -m 755 \
		libcrypto.so.10 /usr/lib/sse2
else
	# Install everything.
	cd $(DIR_APP) && make install
	install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl

	# Remove man pages.
	-rm -vfr /etc/ssl/man

	# Move engines to the right place.
	-mkdir -pv /usr/lib/openssl
	rm -vfr /usr/lib/openssl/engines
	mv -v /usr/lib/engines /usr/lib/openssl
endif

	@rm -rf $(DIR_APP)
	@$(POSTBUILD)
Commit	Line	Data
cd1a2927	1	###############################################################################
cd1a2927	2	# #
70df8302	3	# IPFire.org - A linux based firewall #
11b5e5cb	4	# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
70df8302 MT	5	# #
70df8302 MT	6	# This program is free software: you can redistribute it and/or modify #
cd1a2927	7	# it under the terms of the GNU General Public License as published by #
70df8302	8	# the Free Software Foundation, either version 3 of the License, or #
cd1a2927 MT	9	# (at your option) any later version. #
cd1a2927 MT	10	# #
70df8302	11	# This program is distributed in the hope that it will be useful, #
cd1a2927 MT	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
70df8302	17	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
cd1a2927	18	# #
cd1a2927 MT	19	###############################################################################
	20
	21	###############################################################################
	22	# Definitions
	23	###############################################################################
	24
	25	include Config
	26
51d1e9ce	27	VER = 1.0.2n
cd1a2927 MT	28
	29	THISAPP = openssl-$(VER)
	30	DL_FILE = $(THISAPP).tar.gz
50f96334	31	DL_FROM = $(URL_IPFIRE)
cd1a2927	32	DIR_APP = $(DIR_SRC)/$(THISAPP)
37de68c9	33
f3c79385	34	TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
37de68c9	35
7fe56695	36	ifneq "$(KCFG)" "-sse2"
37de68c9	37	CFLAGS += -DPURIFY
7fe56695 AF	38	else
7fe56695 AF	39	CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
11b5e5cb	40	CFLAGS+= -mindirect-branch=thunk -mfunction-return=thunk
7fe56695 AF	41	CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
	42	CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
	43	CFLAGS+= -fomit-frame-pointer -DPURIFY
	44	CXXFLAGS="${CFLAGS}"
	45	endif
	46
37de68c9 MT	47	export RPM_OPT_FLAGS = $(CFLAGS)
	48
	49	CONFIGURE_OPTIONS = \
	50	--prefix=/usr \
	51	--openssldir=/etc/ssl \
	52	--enginesdir=/usr/lib/openssl/engines \
	53	shared \
	54	zlib-dynamic \
	55	enable-camellia \
	56	enable-md2 \
d25d7bfc	57	disable-ssl2 \
37de68c9 MT	58	enable-seed \
	59	enable-tlsext \
	60	enable-rfc3779 \
	61	no-idea \
	62	no-mdc2 \
	63	no-rc5 \
	64	no-srp \
bff88a48 MT	65	-DSSL_FORBID_ENULL \
bff88a48 MT	66	$(OPENSSL_ARCH)
cd1a2927	67
bff88a48 MT	68	ifeq "$(IS_64BIT)" "1"
	69	OPENSSL_ARCH = linux-generic64
	70	else
	71	OPENSSL_ARCH = linux-generic32
6e696bee MT	72	endif
6e696bee MT	73
bff88a48 MT	74	ifeq "$(BUILD_ARCH)" "aarch64"
bff88a48 MT	75	OPENSSL_ARCH = linux-aarch64
37de68c9	76	endif
bff88a48 MT	77
	78	ifeq "$(BUILD_ARCH)" "x86_64"
	79	OPENSSL_ARCH = linux-x86_64
0f90adc0 EK	80	endif
0f90adc0 EK	81
bff88a48 MT	82	ifeq "$(BUILD_ARCH)" "i586"
	83	OPENSSL_ARCH = linux-elf
	84
	85	ifneq "$(KCFG)" "-sse2"
	86	OPENSSL_ARCH += no-sse2
	87	endif
0f90adc0 EK	88	endif
0f90adc0 EK	89
cd1a2927 MT	90	###############################################################################
	91	# Top-level Rules
	92	###############################################################################
	93
	94	objects = $(DL_FILE)
	95
	96	$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
	97
51d1e9ce	98	$(DL_FILE)_MD5 = 13bdc1b1d1ff39b6fd42a255e74676a4
cd1a2927 MT	99
	100	install : $(TARGET)
	101
	102	check : $(patsubst %,$(DIR_CHK)/%,$(objects))
	103
	104	download :$(patsubst %,$(DIR_DL)/%,$(objects))
	105
	106	md5 : $(subst %,%_MD5,$(objects))
	107
	108	###############################################################################
	109	# Downloading, checking, md5sum
	110	###############################################################################
	111
	112	$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	113	@$(CHECK)
	114
	115	$(patsubst %,$(DIR_DL)/%,$(objects)) :
	116	@$(LOAD)
	117
	118	$(subst %,%_MD5,$(objects)) :
	119	@$(MD5)
	120
	121	###############################################################################
	122	# Installation Details
	123	###############################################################################
	124
	125	$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	126	@$(PREBUILD)
	127	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
0f90adc0	128	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
1245aa72	129	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
d25d7bfc	130	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
353e08cd	131	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
0f90adc0	132
0e2f9b01	133	# i586 specific patches
dc7d6b20	134	ifeq "$(BUILD_ARCH)" "i586"
f68ae02d	135	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
0e2f9b01	136	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
f68ae02d AF	137	endif
f68ae02d AF	138
c7762365 MT	139	# With openssl 1.0.2e, pod2mantest is missing
	140	echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
	141	chmod a+x $(DIR_APP)/util/pod2mantest
	142
a0297133 MT	143	# Apply our CFLAGS
	144	cd $(DIR_APP) && sed -i Configure \
	145	-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
	146
0f90adc0 EK	147	cd $(DIR_APP) && find crypto/ -name Makefile -exec \
	148	sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
	149
37de68c9	150	cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
0f90adc0 EK	151
	152	cd $(DIR_APP) && make depend
	153	cd $(DIR_APP) && make
	154
f3c79385	155	ifeq "$(KCFG)" "-sse2"
37de68c9 MT	156	-mkdir -pv /usr/lib/sse2
37de68c9 MT	157	cd $(DIR_APP) && install -m 755 \
cbdee67e	158	libcrypto.so.10 /usr/lib/sse2
37de68c9	159	else
0f90adc0 EK	160	# Install everything.
0f90adc0 EK	161	cd $(DIR_APP) && make install
cd1a2927	162	install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
0f90adc0 EK	163
	164	# Remove man pages.
	165	-rm -vfr /etc/ssl/man
	166
	167	# Move engines to the right place.
	168	-mkdir -pv /usr/lib/openssl
	169	rm -vfr /usr/lib/openssl/engines
	170	mv -v /usr/lib/engines /usr/lib/openssl
37de68c9	171	endif
0f90adc0	172
cd1a2927 MT	173	@rm -rf $(DIR_APP)
cd1a2927 MT	174	@$(POSTBUILD)