Split out the code that deals with checking whether the software is

built-in or not into a separate builtin.mk file.  The code to deal
checking for built-in software is much simpler to deal with in pkgsrc.

The buildlink3.mk file for a package will be of the usual format
regardless of the package, which makes it simpler for packagers to
update a package.

The builtin.mk file for a package must define a single yes/no variable
USE_BUILTIN.<pkg> that is used by bsd.buildlink3.mk to decide whether
to use the built-in software or to use the pkgsrc software.

2 files changed, 146 insertions, 175 deletions

diff --git a/security/openssl/buildlink3.mk b/security/openssl/buildlink3.mk
index 163bd2ab162..5002ed30884 100644
--- a/security/openssl/buildlink3.mk
+++ b/security/openssl/buildlink3.mk
@@ -1,173 +1,21 @@
-# $NetBSD: buildlink3.mk,v 1.15 2004/02/18 16:35:27 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.16 2004/03/10 17:57:15 jlam Exp $
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH}+
 OPENSSL_BUILDLINK3_MK:=	${OPENSSL_BUILDLINK3_MK}+
 
 .include "../../mk/bsd.prefs.mk"
 
-.if !empty(OPENSSL_BUILDLINK3_MK:M+)
-#
-# This is the ${PKGNAME} of the version of the OpenSSL package installed
-# by pkgsrc.
-#
-_OPENSSL_PKGSRC_PKGNAME=	openssl-0.9.6l
-
-BUILDLINK_PACKAGES+=		openssl
-BUILDLINK_DEPENDS.openssl+=	openssl>=0.9.6l
-BUILDLINK_PKGSRCDIR.openssl?=	../../security/openssl
-.endif	# OPENSSL_BUILDLINK3_MK
-
-BUILDLINK_CHECK_BUILTIN.openssl?=	NO
-
-_OPENSSL_OPENSSLV_H=	/usr/include/openssl/opensslv.h
-
-.if !defined(BUILDLINK_IS_BUILTIN.openssl)
-BUILDLINK_IS_BUILTIN.openssl=	NO
-.  if exists(${_OPENSSL_OPENSSLV_H})
-BUILDLINK_IS_BUILTIN.openssl=	YES
-.    if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[nN][oO])
-#
-# Create an appropriate name for the built-in package distributed
-# with the system.  This package name can be used to check against
-# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc
-# version or if the built-in one is sufficient.
-#
-_OPENSSL_MAJOR!=							\
-	${AWK} 'BEGIN { hex="0123456789abcdef" }			\
-		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
-			i = index(hex, substr($$3, 3, 1)) - 1;		\
-			print i;					\
-			exit 0;						\
-		}							\
-	' ${_OPENSSL_OPENSSLV_H}
-_OPENSSL_MINOR!=							\
-	${AWK} 'BEGIN { hex="0123456789abcdef" }			\
-		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
-			i = 16 * (index(hex, substr($$3, 4, 1)) - 1);	\
-			i += index(hex, substr($$3, 5, 1)) - 1;		\
-			print i;					\
-			exit 0;						\
-		}							\
-	' ${_OPENSSL_OPENSSLV_H}
-_OPENSSL_TEENY!=							\
-	${AWK} 'BEGIN { hex="0123456789abcdef" }			\
-		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
-			i = 16 * (index(hex, substr($$3, 6, 1)) - 1);	\
-			i += index(hex, substr($$3, 7, 1)) - 1;		\
-			print i;					\
-			exit 0;						\
-		}							\
-	' ${_OPENSSL_OPENSSLV_H}
-_OPENSSL_PATCHLEVEL!=							\
-	${AWK} 'BEGIN { hex="0123456789abcdef";				\
-			split("abcdefghijklmnopqrstuvwxyz", alpha, "");	\
-		}							\
-		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
-			i = 16 * (index(hex, substr($$3, 8, 1)) - 1);	\
-			i += index(hex, substr($$3, 9, 1)) - 1;		\
-			if (i == 0) {					\
-				print "";				\
-			} else if (i > 26) {				\
-				print "a";				\
-			} else {					\
-				print alpha[i];				\
-			}						\
-			exit 0;						\
-		}							\
-	' ${_OPENSSL_OPENSSLV_H}
-_OPENSSL_VERSION=	${_OPENSSL_MAJOR}.${_OPENSSL_MINOR}.${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL}
-_OPENSSL_PKG=	openssl-${_OPENSSL_VERSION}
-#
-# If the built-in OpenSSL software is 0.9.6g, then check whether it
-# contains the security fixes pulled up to netbsd-1-6 on 2003-11-07.
-# If it does, then treat it as the equivalent of openssl-0.9.6l.  This
-# is not strictly true, but is good enough since the main differences
-# between 0.9.6g and 0.9.6l are security fixes that NetBSD has already
-# patched into its built-in OpenSSL software.
-#    
-_OPENSSL_HAS_FIX!=							\
-	${AWK} 'BEGIN { ans = "NO" }					\
-		/OPENSSL_HAS_20031107_FIX/ { ans = "YES" }		\
-		END { print ans; exit 0 }				\
-	' ${_OPENSSL_OPENSSLV_H}
-.      if !empty(_OPENSSL_VERSION:M0\.9\.6g) && (${_OPENSSL_HAS_FIX} == "YES")
-_OPENSSL_PKG=		openssl-0.9.6l
-.      endif
-
-BUILDLINK_IS_BUILTIN.openssl?=	YES
-.      for _depend_ in ${BUILDLINK_DEPENDS.openssl}
-.        if !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS])
-BUILDLINK_IS_BUILTIN.openssl!=		\
-	if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKG}; then	\
-		${ECHO} "YES";						\
-	else								\
-		${ECHO} "NO";						\
-	fi
-.        endif
-.      endfor
-.    endif
-.  endif
-MAKEFLAGS+=	BUILDLINK_IS_BUILTIN.openssl=${BUILDLINK_IS_BUILTIN.openssl}
-.endif
-
-.if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[yY][eE][sS])
-BUILDLINK_USE_BUILTIN.openssl=	YES
-.endif
-
-.if !defined(BUILDLINK_USE_BUILTIN.openssl)
-.  if !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS])
-BUILDLINK_USE_BUILTIN.openssl=	YES
-.  else
-BUILDLINK_USE_BUILTIN.openssl=	NO
-.  endif
-
-.  if !empty(PREFER_NATIVE:M[yY][eE][sS]) && \
-      !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS])
-BUILDLINK_USE_BUILTIN.openssl=	YES
-.  endif
-.  if !empty(PREFER_PKGSRC:M[yY][eE][sS])
-BUILDLINK_USE_BUILTIN.openssl=	NO
-.  endif
-.  if !empty(PREFER_NATIVE:Mopenssl) && \
-      !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS])
-BUILDLINK_USE_BUILTIN.openssl=	YES
-.  endif
-.  if !empty(PREFER_PKGSRC:Mopenssl)
-BUILDLINK_USE_BUILTIN.openssl=	NO
-.  endif
-.endif
-
-.if !defined(_NEED_NEWER_OPENSSL)
-_NEED_NEWER_OPENSSL?=	NO
-.  for _depend_ in ${BUILDLINK_DEPENDS.openssl}
-.    if !empty(_NEED_NEWER_OPENSSL:M[nN][oO])
-_NEED_NEWER_OPENSSL!=	\
-	if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKGSRC_PKGNAME}; then \
-		${ECHO} "NO";						\
-	else								\
-		${ECHO} "YES";						\
-	fi
-.    endif
-.  endfor
-MAKEFLAGS+=	_NEED_NEWER_OPENSSL=${_NEED_NEWER_OPENSSL}
-.endif
-
-.if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO]) && \
-    (${_NEED_NEWER_OPENSSL} == "YES")
-PKG_SKIP_REASON=	"Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}"
-.endif
-
-.if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO])
-.  if !empty(BUILDLINK_DEPTH:M+)
+.if !empty(BUILDLINK_DEPTH:M+)
 BUILDLINK_DEPENDS+=	openssl
-.    if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS])
-BUILDLINK_DEPENDS+=	rsaref
-.    endif
-.  endif
 .endif
 
+BUILDLINK_PACKAGES:=	${BUILDLINK_PACKAGES:Nopenssl}
+BUILDLINK_PACKAGES+=	openssl
+
 .if !empty(OPENSSL_BUILDLINK3_MK:M+)
-#
+BUILDLINK_DEPENDS.openssl+=	openssl>=0.9.6l
+BUILDLINK_PKGSRCDIR.openssl?=	../../security/openssl
+
 # Ensure that -lcrypt comes before -lcrypto when linking so that the
 # system crypt() routine is used.
 #
@@ -176,22 +24,10 @@ BUILDLINK_TRANSFORM+=	reorder:l:crypt:crypto
 SSLBASE=	${BUILDLINK_PREFIX.openssl}
 BUILD_DEFS+=	SSLBASE
 
-.  if defined(PKG_SYSCONFDIR.openssl)
-SSLCERTS=	${PKG_SYSCONFDIR.openssl}/certs
-.  elif ${OPSYS} == "NetBSD"
-SSLCERTS=	/etc/openssl/certs
-.  elif !empty(BUILDLINK_USE_BUILTIN.openssl:M[yY][eE][sS])
-SSLCERTS=	/etc/ssl/certs		# likely place where certs live
-.  else
-SSLCERTS=	${PKG_SYSCONFBASEDIR}/openssl/certs
-.  endif
-BUILD_DEFS+=	SSLCERTS
+.if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS])
+.  include "../../security/rsaref/buildlink3.mk"
+.endif
 
-.  if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO])
-.    if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS])
-.      include "../../security/rsaref/buildlink3.mk"
-.    endif
-.  endif
 .endif	# OPENSSL_BUILDLINK3_MK
 
 BUILDLINK_DEPTH:=	${BUILDLINK_DEPTH:S/+$//}
diff --git a/security/openssl/builtin.mk b/security/openssl/builtin.mk
new file mode 100644
index 00000000000..c347cf00069
--- /dev/null
+++ b/security/openssl/builtin.mk
@@ -0,0 +1,135 @@
+# $NetBSD: builtin.mk,v 1.1 2004/03/10 17:57:15 jlam Exp $
+
+_OPENSSL_PKGSRC_PKGNAME=	openssl-0.9.6l
+_OPENSSL_OPENSSLV_H=		/usr/include/openssl/opensslv.h
+
+.if !defined(IS_BUILTIN.openssl)
+IS_BUILTIN.openssl=	no
+.  if exists(${_OPENSSL_OPENSSLV_H})
+IS_BUILTIN.openssl=	yes
+#
+# Create an appropriate name for the built-in package distributed
+# with the system.  This package name can be used to check against
+# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc
+# version or if the built-in one is sufficient.
+#
+_OPENSSL_MAJOR!=							\
+	${AWK} 'BEGIN { hex="0123456789abcdef" }			\
+		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			i = index(hex, substr($$3, 3, 1)) - 1;		\
+			print i;					\
+			exit 0;						\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_MINOR!=							\
+	${AWK} 'BEGIN { hex="0123456789abcdef" }			\
+		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			i = 16 * (index(hex, substr($$3, 4, 1)) - 1);	\
+			i += index(hex, substr($$3, 5, 1)) - 1;		\
+			print i;					\
+			exit 0;						\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_TEENY!=							\
+	${AWK} 'BEGIN { hex="0123456789abcdef" }			\
+		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			i = 16 * (index(hex, substr($$3, 6, 1)) - 1);	\
+			i += index(hex, substr($$3, 7, 1)) - 1;		\
+			print i;					\
+			exit 0;						\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_PATCHLEVEL!=							\
+	${AWK} 'BEGIN { hex="0123456789abcdef";				\
+			split("abcdefghijklmnopqrstuvwxyz", alpha, "");	\
+		}							\
+		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			i = 16 * (index(hex, substr($$3, 8, 1)) - 1);	\
+			i += index(hex, substr($$3, 9, 1)) - 1;		\
+			if (i == 0) {					\
+				print "";				\
+			} else if (i > 26) {				\
+				print "a";				\
+			} else {					\
+				print alpha[i];				\
+			}						\
+			exit 0;						\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_VERSION=	${_OPENSSL_MAJOR}.${_OPENSSL_MINOR}.${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL}
+BUILTIN_PKG.openssl=	openssl-${_OPENSSL_VERSION}
+#
+# If the built-in OpenSSL software is 0.9.6g, then check whether it
+# contains the security fixes pulled up to netbsd-1-6 on 2003-11-07.
+# If it does, then treat it as the equivalent of openssl-0.9.6l.  This
+# is not strictly true, but is good enough since the main differences
+# between 0.9.6g and 0.9.6l are security fixes that NetBSD has already
+# patched into its built-in OpenSSL software.
+#    
+_OPENSSL_HAS_FIX!=							\
+	${AWK} 'BEGIN { ans = "no" }					\
+		/OPENSSL_HAS_20031107_FIX/ { ans = "yes" }		\
+		END { print ans; exit 0 }				\
+	' ${_OPENSSL_OPENSSLV_H}
+.    if !empty(_OPENSSL_VERSION:M0\.9\.6g) && (${_OPENSSL_HAS_FIX} == "yes")
+BUILTIN_PKG.openssl=	openssl-0.9.6l
+.    endif
+MAKEFLAGS+=	BUILTIN_PKG.openssl=${BUILTIN_PKG.openssl}
+.  endif
+MAKEFLAGS+=	IS_BUILTIN.openssl=${IS_BUILTIN.openssl}
+.endif
+
+CHECK_BUILTIN.openssl?=	no
+.if !empty(CHECK_BUILTIN.openssl:M[yY][eE][sS])
+USE_BUILTIN.openssl=	yes
+.endif
+
+.if !defined(USE_BUILTIN.openssl)
+USE_BUILTIN.openssl?=	${IS_BUILTIN.openssl}
+
+.  if defined(BUILTIN_PKG.openssl)
+USE_BUILTIN.openssl=	yes
+.    for _depend_ in ${BUILDLINK_DEPENDS.openssl}
+.      if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
+USE_BUILTIN.openssl!=	\
+	if ${PKG_ADMIN} pmatch '${_depend_}' ${BUILTIN_PKG.openssl}; then \
+		${ECHO} "yes";						\
+	else								\
+		${ECHO} "no";						\
+	fi
+.      endif
+.    endfor
+.  endif
+.endif	# USE_BUILTIN.openssl
+
+.if !defined(_NEED_NEWER_OPENSSL)
+_NEED_NEWER_OPENSSL?=	no
+.  for _depend_ in ${BUILDLINK_DEPENDS.openssl}
+.    if !empty(_NEED_NEWER_OPENSSL:M[nN][oO])
+_NEED_NEWER_OPENSSL!=	\
+	if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKGSRC_PKGNAME}; then \
+		${ECHO} "no";						\
+	else								\
+		${ECHO} "yes";						\
+	fi
+.    endif
+.  endfor
+MAKEFLAGS+=	_NEED_NEWER_OPENSSL=${_NEED_NEWER_OPENSSL}
+.endif
+
+.if !empty(USE_BUILTIN.openssl:M[nN][oO]) && \
+    !empty(_NEED_NEWER_OPENSSL:M[yY][eE][sS])
+PKG_SKIP_REASON=	\
+	"Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}"
+.endif
+
+.if defined(PKG_SYSCONFDIR.openssl)
+SSLCERTS=	${PKG_SYSCONFDIR.openssl}/certs
+.elif ${OPSYS} == "NetBSD"
+SSLCERTS=	/etc/openssl/certs
+.elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
+SSLCERTS=	/etc/ssl/certs		# likely place where certs live
+.else
+SSLCERTS=	${PKG_SYSCONFBASEDIR}/openssl/certs
+.endif
+BUILD_DEFS+=	SSLCERTS