############################################################################### # # # IPFire.org - A linux based firewall # # Copyright (C) 2007-2022 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see . # # # ############################################################################### ############################################################################### # Definitions ############################################################################### include Config VER = 1.1.1q THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG) CFLAGS += -DPURIFY -Wa,--noexecstack export RPM_OPT_FLAGS = $(CFLAGS) CONFIGURE_OPTIONS = \ --prefix=/usr \ --openssldir=/etc/ssl \ shared \ zlib-dynamic \ enable-camellia \ enable-seed \ enable-rfc3779 \ no-idea \ no-mdc2 \ no-rc5 \ no-srp \ no-aria \ $(OPENSSL_ARCH) ifeq "$(IS_64BIT)" "1" OPENSSL_ARCH = linux-generic64 else OPENSSL_ARCH = linux-generic32 endif ifeq "$(BUILD_ARCH)" "aarch64" OPENSSL_ARCH = linux-aarch64 endif ifeq "$(BUILD_ARCH)" "x86_64" OPENSSL_ARCH = linux-x86_64 endif ############################################################################### # Top-level Rules ############################################################################### objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) $(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) download :$(patsubst %,$(DIR_DL)/%,$(objects)) b2 : $(subst %,%_BLAKE2,$(objects)) ############################################################################### # Downloading, checking, b2sum ############################################################################### $(patsubst %,$(DIR_CHK)/%,$(objects)) : @$(CHECK) $(patsubst %,$(DIR_DL)/%,$(objects)) : @$(LOAD) $(subst %,%_BLAKE2,$(objects)) : @$(B2SUM) ############################################################################### # Installation Details ############################################################################### $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1d-default-cipherlist.patch # Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \; cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS) \ $(CFLAGS) $(LDFLAGS) cd $(DIR_APP) && make depend cd $(DIR_APP) && make $(MAKETUNING) # Install everything cd $(DIR_APP) && make install install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl # Install RFC 7919 defined standard group ffdhe4096 install -m 0644 $(DIR_SRC)/config/ssl/ffdhe4096.pem /etc/ssl @rm -rf $(DIR_APP) @$(POSTBUILD)