[ipfire-2.x.git] / lfs / openssl

###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2016  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

###############################################################################
# Definitions
###############################################################################

include Config

VER        = 1.0.2k

THISAPP    = openssl-$(VER)
DL_FILE    = $(THISAPP).tar.gz
DL_FROM    = $(URL_IPFIRE)
DIR_APP    = $(DIR_SRC)/$(THISAPP)

TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)

ifneq "$(KCFG)" "-sse2"
CFLAGS += -DPURIFY
else
CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
CFLAGS+= -fomit-frame-pointer -DPURIFY
CXXFLAGS="${CFLAGS}"
endif

export RPM_OPT_FLAGS = $(CFLAGS)

CONFIGURE_OPTIONS = \
	--prefix=/usr \
	--openssldir=/etc/ssl \
	--enginesdir=/usr/lib/openssl/engines \
	shared \
	zlib-dynamic \
	enable-camellia \
	enable-md2 \
	disable-ssl2 \
	enable-seed \
	enable-tlsext \
	enable-rfc3779 \
	no-idea \
	no-mdc2 \
	no-rc5 \
	no-srp \
	-DSSL_FORBID_ENULL

ifeq "$(MACHINE)" "x86_64"
	CONFIGURE_OPTIONS += linux-x86_64
endif

ifeq "$(MACHINE)" "i586"
	CONFIGURE_OPTIONS += linux-elf

ifneq "$(KCFG)" "-sse2"
	CONFIGURE_OPTIONS += no-sse2
endif
endif

ifeq "$(MACHINE)" "armv5tel"
	CONFIGURE_OPTIONS += linux-generic32
endif

###############################################################################
# Top-level Rules
###############################################################################

objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

$(DL_FILE)_MD5 = f965fc0bf01bf882b31314b61391ae65

install : $(TARGET)

check : $(patsubst %,$(DIR_CHK)/%,$(objects))

download :$(patsubst %,$(DIR_DL)/%,$(objects))

md5 : $(subst %,%_MD5,$(objects))

###############################################################################
# Downloading, checking, md5sum
###############################################################################

$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	@$(CHECK)

$(patsubst %,$(DIR_DL)/%,$(objects)) :
	@$(LOAD)

$(subst %,%_MD5,$(objects)) :
	@$(MD5)

###############################################################################
# Installation Details
###############################################################################

$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	@$(PREBUILD)
	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch

	# i586 specific patches
ifeq "$(MACHINE)" "i586"
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
endif

	# With openssl 1.0.2e, pod2mantest is missing
	echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
	chmod a+x $(DIR_APP)/util/pod2mantest

	# Apply our CFLAGS
	cd $(DIR_APP) && sed -i Configure \
		-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"

	cd $(DIR_APP) && find crypto/ -name Makefile -exec \
		sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;

	cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)

	cd $(DIR_APP) && make depend
	cd $(DIR_APP) && make

ifeq "$(KCFG)" "-sse2"
	-mkdir -pv /usr/lib/sse2
	cd $(DIR_APP) && install -m 755 \
		libcrypto.so.10 /usr/lib/sse2
else
	# Install everything.
	cd $(DIR_APP) && make install
	install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl

	# Remove man pages.
	-rm -vfr /etc/ssl/man

	# Move engines to the right place.
	-mkdir -pv /usr/lib/openssl
	rm -vfr /usr/lib/openssl/engines
	mv -v /usr/lib/engines /usr/lib/openssl
endif

	@rm -rf $(DIR_APP)
	@$(POSTBUILD)
Commit	Line	Data
	1	###############################################################################
	2	# #
	3	# IPFire.org - A linux based firewall #
	4	# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
	5	# #
	6	# This program is free software: you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation, either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# This program is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	18	# #
	19	###############################################################################
	20
	21	###############################################################################
	22	# Definitions
	23	###############################################################################
	24
	25	include Config
	26
	27	VER = 1.0.2k
	28
	29	THISAPP = openssl-$(VER)
	30	DL_FILE = $(THISAPP).tar.gz
	31	DL_FROM = $(URL_IPFIRE)
	32	DIR_APP = $(DIR_SRC)/$(THISAPP)
	33
	34	TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
	35
	36	ifneq "$(KCFG)" "-sse2"
	37	CFLAGS += -DPURIFY
	38	else
	39	CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
	40	CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
	41	CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
	42	CFLAGS+= -fomit-frame-pointer -DPURIFY
	43	CXXFLAGS="${CFLAGS}"
	44	endif
	45
	46	export RPM_OPT_FLAGS = $(CFLAGS)
	47
	48	CONFIGURE_OPTIONS = \
	49	--prefix=/usr \
	50	--openssldir=/etc/ssl \
	51	--enginesdir=/usr/lib/openssl/engines \
	52	shared \
	53	zlib-dynamic \
	54	enable-camellia \
	55	enable-md2 \
	56	disable-ssl2 \
	57	enable-seed \
	58	enable-tlsext \
	59	enable-rfc3779 \
	60	no-idea \
	61	no-mdc2 \
	62	no-rc5 \
	63	no-srp \
	64	-DSSL_FORBID_ENULL
	65
	66	ifeq "$(MACHINE)" "x86_64"
	67	CONFIGURE_OPTIONS += linux-x86_64
	68	endif
	69
	70	ifeq "$(MACHINE)" "i586"
	71	CONFIGURE_OPTIONS += linux-elf
	72
	73	ifneq "$(KCFG)" "-sse2"
	74	CONFIGURE_OPTIONS += no-sse2
	75	endif
	76	endif
	77
	78	ifeq "$(MACHINE)" "armv5tel"
	79	CONFIGURE_OPTIONS += linux-generic32
	80	endif
	81
	82	###############################################################################
	83	# Top-level Rules
	84	###############################################################################
	85
	86	objects = $(DL_FILE)
	87
	88	$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
	89
	90	$(DL_FILE)_MD5 = f965fc0bf01bf882b31314b61391ae65
	91
	92	install : $(TARGET)
	93
	94	check : $(patsubst %,$(DIR_CHK)/%,$(objects))
	95
	96	download :$(patsubst %,$(DIR_DL)/%,$(objects))
	97
	98	md5 : $(subst %,%_MD5,$(objects))
	99
	100	###############################################################################
	101	# Downloading, checking, md5sum
	102	###############################################################################
	103
	104	$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	105	@$(CHECK)
	106
	107	$(patsubst %,$(DIR_DL)/%,$(objects)) :
	108	@$(LOAD)
	109
	110	$(subst %,%_MD5,$(objects)) :
	111	@$(MD5)
	112
	113	###############################################################################
	114	# Installation Details
	115	###############################################################################
	116
	117	$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	118	@$(PREBUILD)
	119	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
	120	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
	121	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
	122	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
	123	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
	124
	125	# i586 specific patches
	126	ifeq "$(MACHINE)" "i586"
	127	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
	128	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
	129	endif
	130
	131	# With openssl 1.0.2e, pod2mantest is missing
	132	echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
	133	chmod a+x $(DIR_APP)/util/pod2mantest
	134
	135	# Apply our CFLAGS
	136	cd $(DIR_APP) && sed -i Configure \
	137	-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
	138
	139	cd $(DIR_APP) && find crypto/ -name Makefile -exec \
	140	sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
	141
	142	cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
	143
	144	cd $(DIR_APP) && make depend
	145	cd $(DIR_APP) && make
	146
	147	ifeq "$(KCFG)" "-sse2"
	148	-mkdir -pv /usr/lib/sse2
	149	cd $(DIR_APP) && install -m 755 \
	150	libcrypto.so.10 /usr/lib/sse2
	151	else
	152	# Install everything.
	153	cd $(DIR_APP) && make install
	154	install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
	155
	156	# Remove man pages.
	157	-rm -vfr /etc/ssl/man
	158
	159	# Move engines to the right place.
	160	-mkdir -pv /usr/lib/openssl
	161	rm -vfr /usr/lib/openssl/engines
	162	mv -v /usr/lib/engines /usr/lib/openssl
	163	endif
	164
	165	@rm -rf $(DIR_APP)
	166	@$(POSTBUILD)