openssl: Don't propose too weak ciphers.
[people/teissler/ipfire-2.x.git] / lfs / openssl
1 ###############################################################################
2 # #
3 # IPFire.org - A linux based firewall #
4 # Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
5 # #
6 # This program is free software: you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation, either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # This program is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
18 # #
19 ###############################################################################
20
21 ###############################################################################
22 # Definitions
23 ###############################################################################
24
25 include Config
26
27 VER = 1.0.1e
28
29 THISAPP = openssl-$(VER)
30 DL_FILE = $(THISAPP).tar.gz
31 DL_FROM = $(URL_IPFIRE)
32 DIR_APP = $(DIR_SRC)/$(THISAPP)
33 TARGET = $(DIR_INFO)/$(THISAPP)
34
35 ifeq "$(MACHINE)" "i586"
36 CONFIGURE_ARGS = linux-elf no-asm 386
37 endif
38
39 ifeq "$(MACHINE)" "armv5tel"
40 CONFIGURE_ARGS = linux-generic32
41 endif
42
43 CFLAGS += -DPURIFY
44 export RPM_OPT_FLAGS = $(CFLAGS)
45
46 ###############################################################################
47 # Top-level Rules
48 ###############################################################################
49
50 objects = $(DL_FILE)
51
52 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
53
54 $(DL_FILE)_MD5 = 66bf6f10f060d561929de96f9dfe5b8c
55
56 install : $(TARGET)
57
58 check : $(patsubst %,$(DIR_CHK)/%,$(objects))
59
60 download :$(patsubst %,$(DIR_DL)/%,$(objects))
61
62 md5 : $(subst %,%_MD5,$(objects))
63
64 ###############################################################################
65 # Downloading, checking, md5sum
66 ###############################################################################
67
68 $(patsubst %,$(DIR_CHK)/%,$(objects)) :
69 @$(CHECK)
70
71 $(patsubst %,$(DIR_DL)/%,$(objects)) :
72 @$(LOAD)
73
74 $(subst %,%_MD5,$(objects)) :
75 @$(MD5)
76
77 ###############################################################################
78 # Installation Details
79 ###############################################################################
80
81 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
82 @$(PREBUILD)
83 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
84 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
85 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch
86 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch
87 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
88 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_pod_syntax-1.patch
89 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
90
91 cd $(DIR_APP) && find crypto/ -name Makefile -exec \
92 sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
93
94 cd $(DIR_APP) && ./Configure \
95 --prefix=/usr \
96 --openssldir=/etc/ssl \
97 --enginesdir=/usr/lib/openssl/engines \
98 shared \
99 zlib-dynamic \
100 enable-camellia \
101 enable-md2 \
102 enable-seed \
103 enable-tlsext \
104 enable-rfc3779 \
105 no-idea \
106 no-mdc2 \
107 no-rc5 \
108 no-srp \
109 $(CONFIGURE_ARGS) \
110 -DSSL_FORBID_ENULL \
111 -DHAVE_CRYPTODEV \
112 -DUSE_CRYPTODEV_DIGEST
113
114 cd $(DIR_APP) && make depend
115 cd $(DIR_APP) && make
116
117 # Install everything.
118 cd $(DIR_APP) && make install
119 install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
120
121 # Remove man pages.
122 -rm -vfr /etc/ssl/man
123
124 # Move engines to the right place.
125 -mkdir -pv /usr/lib/openssl
126 rm -vfr /usr/lib/openssl/engines
127 mv -v /usr/lib/engines /usr/lib/openssl
128
129 @rm -rf $(DIR_APP)
130 @$(POSTBUILD)