]>
Commit | Line | Data |
---|---|---|
1 | ############################################################################### | |
2 | # # | |
3 | # IPFire.org - A linux based firewall # | |
4 | # Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> # | |
5 | # # | |
6 | # This program is free software: you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation, either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # This program is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
18 | # # | |
19 | ############################################################################### | |
20 | ||
21 | ############################################################################### | |
22 | # Definitions | |
23 | ############################################################################### | |
24 | ||
25 | include Config | |
26 | ||
27 | VER = 1.0.2n | |
28 | ||
29 | THISAPP = openssl-$(VER) | |
30 | DL_FILE = $(THISAPP).tar.gz | |
31 | DL_FROM = $(URL_IPFIRE) | |
32 | DIR_APP = $(DIR_SRC)/$(THISAPP) | |
33 | ||
34 | TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG) | |
35 | ||
36 | ifneq "$(KCFG)" "-sse2" | |
37 | CFLAGS += -DPURIFY | |
38 | else | |
39 | CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC | |
40 | CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4 | |
41 | CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse | |
42 | CFLAGS+= -fomit-frame-pointer -DPURIFY | |
43 | CXXFLAGS="${CFLAGS}" | |
44 | endif | |
45 | ||
46 | export RPM_OPT_FLAGS = $(CFLAGS) | |
47 | ||
48 | CONFIGURE_OPTIONS = \ | |
49 | --prefix=/usr \ | |
50 | --openssldir=/etc/ssl \ | |
51 | --enginesdir=/usr/lib/openssl/engines \ | |
52 | shared \ | |
53 | zlib-dynamic \ | |
54 | enable-camellia \ | |
55 | enable-md2 \ | |
56 | disable-ssl2 \ | |
57 | enable-seed \ | |
58 | enable-tlsext \ | |
59 | enable-rfc3779 \ | |
60 | no-idea \ | |
61 | no-mdc2 \ | |
62 | no-rc5 \ | |
63 | no-srp \ | |
64 | -DSSL_FORBID_ENULL \ | |
65 | $(OPENSSL_ARCH) | |
66 | ||
67 | ifeq "$(IS_64BIT)" "1" | |
68 | OPENSSL_ARCH = linux-generic64 | |
69 | else | |
70 | OPENSSL_ARCH = linux-generic32 | |
71 | endif | |
72 | ||
73 | ifeq "$(BUILD_ARCH)" "aarch64" | |
74 | OPENSSL_ARCH = linux-aarch64 | |
75 | endif | |
76 | ||
77 | ifeq "$(BUILD_ARCH)" "x86_64" | |
78 | OPENSSL_ARCH = linux-x86_64 | |
79 | endif | |
80 | ||
81 | ifeq "$(BUILD_ARCH)" "i586" | |
82 | OPENSSL_ARCH = linux-elf | |
83 | ||
84 | ifneq "$(KCFG)" "-sse2" | |
85 | OPENSSL_ARCH += no-sse2 | |
86 | endif | |
87 | endif | |
88 | ||
89 | ############################################################################### | |
90 | # Top-level Rules | |
91 | ############################################################################### | |
92 | ||
93 | objects = $(DL_FILE) | |
94 | ||
95 | $(DL_FILE) = $(DL_FROM)/$(DL_FILE) | |
96 | ||
97 | $(DL_FILE)_MD5 = 13bdc1b1d1ff39b6fd42a255e74676a4 | |
98 | ||
99 | install : $(TARGET) | |
100 | ||
101 | check : $(patsubst %,$(DIR_CHK)/%,$(objects)) | |
102 | ||
103 | download :$(patsubst %,$(DIR_DL)/%,$(objects)) | |
104 | ||
105 | md5 : $(subst %,%_MD5,$(objects)) | |
106 | ||
107 | ############################################################################### | |
108 | # Downloading, checking, md5sum | |
109 | ############################################################################### | |
110 | ||
111 | $(patsubst %,$(DIR_CHK)/%,$(objects)) : | |
112 | @$(CHECK) | |
113 | ||
114 | $(patsubst %,$(DIR_DL)/%,$(objects)) : | |
115 | @$(LOAD) | |
116 | ||
117 | $(subst %,%_MD5,$(objects)) : | |
118 | @$(MD5) | |
119 | ||
120 | ############################################################################### | |
121 | # Installation Details | |
122 | ############################################################################### | |
123 | ||
124 | $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) | |
125 | @$(PREBUILD) | |
126 | @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) | |
127 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch | |
128 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch | |
129 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch | |
130 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch | |
131 | ||
132 | # i586 specific patches | |
133 | ifeq "$(BUILD_ARCH)" "i586" | |
134 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch | |
135 | cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch | |
136 | endif | |
137 | ||
138 | # With openssl 1.0.2e, pod2mantest is missing | |
139 | echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest | |
140 | chmod a+x $(DIR_APP)/util/pod2mantest | |
141 | ||
142 | # Apply our CFLAGS | |
143 | cd $(DIR_APP) && sed -i Configure \ | |
144 | -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" | |
145 | ||
146 | cd $(DIR_APP) && find crypto/ -name Makefile -exec \ | |
147 | sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \; | |
148 | ||
149 | cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) | |
150 | ||
151 | cd $(DIR_APP) && make depend | |
152 | cd $(DIR_APP) && make | |
153 | ||
154 | ifeq "$(KCFG)" "-sse2" | |
155 | -mkdir -pv /usr/lib/sse2 | |
156 | cd $(DIR_APP) && install -m 755 \ | |
157 | libcrypto.so.10 /usr/lib/sse2 | |
158 | else | |
159 | # Install everything. | |
160 | cd $(DIR_APP) && make install | |
161 | install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl | |
162 | ||
163 | # Remove man pages. | |
164 | -rm -vfr /etc/ssl/man | |
165 | ||
166 | # Move engines to the right place. | |
167 | -mkdir -pv /usr/lib/openssl | |
168 | rm -vfr /usr/lib/openssl/engines | |
169 | mv -v /usr/lib/engines /usr/lib/openssl | |
170 | endif | |
171 | ||
172 | @rm -rf $(DIR_APP) | |
173 | @$(POSTBUILD) |