X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=lfs%2Fopenssl;h=f8729c2de1598baaa5936ff0dbd81737e090a5a2;hb=06fc6170a2b8827125977c2f4e9c6f94e7d93c0a;hp=efc723664113734eb0a947219e8712deab4f4aac;hpb=9ffd1b35db13760ceab2b396230fbc40fa03caec;p=ipfire-2.x.git diff --git a/lfs/openssl b/lfs/openssl index efc7236641..f8729c2de1 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team # +# Copyright (C) 2007-2019 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,25 +24,61 @@ include Config -VER = 1.0.1m +VER = 1.1.1b THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) -ifeq "$(MACHINE)" "i586" - CONFIGURE_ARGS = linux-elf no-asm 386 -endif +TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG) + +CFLAGS += -DPURIFY -Wa,--noexecstack -ifeq "$(MACHINE)" "armv5tel" - CONFIGURE_ARGS = linux-generic32 +# Enable SSE2 for this build +ifeq "$(KCFG)" "-sse2" + CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse endif -CFLAGS += -DPURIFY export RPM_OPT_FLAGS = $(CFLAGS) +CONFIGURE_OPTIONS = \ + --prefix=/usr \ + --openssldir=/etc/ssl \ + shared \ + zlib-dynamic \ + enable-camellia \ + enable-seed \ + enable-rfc3779 \ + no-idea \ + no-mdc2 \ + no-rc5 \ + no-srp \ + no-aria \ + $(OPENSSL_ARCH) + +ifeq "$(IS_64BIT)" "1" + OPENSSL_ARCH = linux-generic64 +else + OPENSSL_ARCH = linux-generic32 +endif + +ifeq "$(BUILD_ARCH)" "aarch64" + OPENSSL_ARCH = linux-aarch64 +endif + +ifeq "$(BUILD_ARCH)" "x86_64" + OPENSSL_ARCH = linux-x86_64 +endif + +ifeq "$(BUILD_ARCH)" "i586" + OPENSSL_ARCH = linux-elf + + ifneq "$(KCFG)" "-sse2" + OPENSSL_ARCH += no-sse2 + endif +endif + ############################################################################### # Top-level Rules ############################################################################### @@ -51,7 +87,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = d143d1555d842a069cb7cc34ba745a06 +$(DL_FILE)_MD5 = 4532712e7bcc9414f5bce995e4e13930 install : $(TARGET) @@ -81,50 +117,30 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1a-default-cipherlist.patch + + # Apply our CFLAGS + cd $(DIR_APP) && sed -i Configure \ + -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \; - cd $(DIR_APP) && ./Configure \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - --enginesdir=/usr/lib/openssl/engines \ - shared \ - zlib-dynamic \ - enable-camellia \ - enable-md2 \ - enable-seed \ - enable-tlsext \ - enable-rfc3779 \ - no-idea \ - no-mdc2 \ - no-rc5 \ - no-srp \ - $(CONFIGURE_ARGS) \ - -DSSL_FORBID_ENULL \ - -DHAVE_CRYPTODEV \ - -DUSE_CRYPTODEV_DIGEST + cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) \ + $(CFLAGS) $(LDFLAGS) cd $(DIR_APP) && make depend - cd $(DIR_APP) && make + cd $(DIR_APP) && make $(MAKETUNING) +ifeq "$(KCFG)" "-sse2" + -mkdir -pv /usr/lib/sse2 + cd $(DIR_APP) && install -m 755 \ + libcrypto.so.1.1 /usr/lib/sse2 +else # Install everything. cd $(DIR_APP) && make install install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl - - # Remove man pages. - -rm -vfr /etc/ssl/man - - # Move engines to the right place. - -mkdir -pv /usr/lib/openssl - rm -vfr /usr/lib/openssl/engines - mv -v /usr/lib/engines /usr/lib/openssl +endif @rm -rf $(DIR_APP) @$(POSTBUILD)