diff options
| author | jlam <jlam> | 2004-03-10 17:57:14 +0000 |
|---|---|---|
| committer | jlam <jlam> | 2004-03-10 17:57:14 +0000 |
| commit | dcc66b8df5c6733d79956b8b5a9fd3a9c8d948f7 (patch) | |
| tree | 1226d07b8f66083168895189decc88848b70903f /security/openssl | |
| parent | e21a48d5290393121554d500c5350afe393cefba (diff) | |
| download | pkgsrc-dcc66b8df5c6733d79956b8b5a9fd3a9c8d948f7.tar.gz | |
Split out the code that deals with checking whether the software is
built-in or not into a separate builtin.mk file. The code to deal
checking for built-in software is much simpler to deal with in pkgsrc.
The buildlink3.mk file for a package will be of the usual format
regardless of the package, which makes it simpler for packagers to
update a package.
The builtin.mk file for a package must define a single yes/no variable
USE_BUILTIN.<pkg> that is used by bsd.buildlink3.mk to decide whether
to use the built-in software or to use the pkgsrc software.
Diffstat (limited to 'security/openssl')
| -rw-r--r-- | security/openssl/buildlink3.mk | 186 | ||||
| -rw-r--r-- | security/openssl/builtin.mk | 135 |
2 files changed, 146 insertions, 175 deletions
diff --git a/security/openssl/buildlink3.mk b/security/openssl/buildlink3.mk index 163bd2ab162..5002ed30884 100644 --- a/security/openssl/buildlink3.mk +++ b/security/openssl/buildlink3.mk @@ -1,173 +1,21 @@ -# $NetBSD: buildlink3.mk,v 1.15 2004/02/18 16:35:27 jlam Exp $ +# $NetBSD: buildlink3.mk,v 1.16 2004/03/10 17:57:15 jlam Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ OPENSSL_BUILDLINK3_MK:= ${OPENSSL_BUILDLINK3_MK}+ .include "../../mk/bsd.prefs.mk" -.if !empty(OPENSSL_BUILDLINK3_MK:M+) -# -# This is the ${PKGNAME} of the version of the OpenSSL package installed -# by pkgsrc. -# -_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6l - -BUILDLINK_PACKAGES+= openssl -BUILDLINK_DEPENDS.openssl+= openssl>=0.9.6l -BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl -.endif # OPENSSL_BUILDLINK3_MK - -BUILDLINK_CHECK_BUILTIN.openssl?= NO - -_OPENSSL_OPENSSLV_H= /usr/include/openssl/opensslv.h - -.if !defined(BUILDLINK_IS_BUILTIN.openssl) -BUILDLINK_IS_BUILTIN.openssl= NO -. if exists(${_OPENSSL_OPENSSLV_H}) -BUILDLINK_IS_BUILTIN.openssl= YES -. if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[nN][oO]) -# -# Create an appropriate name for the built-in package distributed -# with the system. This package name can be used to check against -# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc -# version or if the built-in one is sufficient. -# -_OPENSSL_MAJOR!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = index(hex, substr($$3, 3, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_MINOR!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = 16 * (index(hex, substr($$3, 4, 1)) - 1); \ - i += index(hex, substr($$3, 5, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_TEENY!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = 16 * (index(hex, substr($$3, 6, 1)) - 1); \ - i += index(hex, substr($$3, 7, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_PATCHLEVEL!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef"; \ - split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \ - } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = 16 * (index(hex, substr($$3, 8, 1)) - 1); \ - i += index(hex, substr($$3, 9, 1)) - 1; \ - if (i == 0) { \ - print ""; \ - } else if (i > 26) { \ - print "a"; \ - } else { \ - print alpha[i]; \ - } \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_VERSION= ${_OPENSSL_MAJOR}.${_OPENSSL_MINOR}.${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL} -_OPENSSL_PKG= openssl-${_OPENSSL_VERSION} -# -# If the built-in OpenSSL software is 0.9.6g, then check whether it -# contains the security fixes pulled up to netbsd-1-6 on 2003-11-07. -# If it does, then treat it as the equivalent of openssl-0.9.6l. This -# is not strictly true, but is good enough since the main differences -# between 0.9.6g and 0.9.6l are security fixes that NetBSD has already -# patched into its built-in OpenSSL software. -# -_OPENSSL_HAS_FIX!= \ - ${AWK} 'BEGIN { ans = "NO" } \ - /OPENSSL_HAS_20031107_FIX/ { ans = "YES" } \ - END { print ans; exit 0 } \ - ' ${_OPENSSL_OPENSSLV_H} -. if !empty(_OPENSSL_VERSION:M0\.9\.6g) && (${_OPENSSL_HAS_FIX} == "YES") -_OPENSSL_PKG= openssl-0.9.6l -. endif - -BUILDLINK_IS_BUILTIN.openssl?= YES -. for _depend_ in ${BUILDLINK_DEPENDS.openssl} -. if !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_IS_BUILTIN.openssl!= \ - if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKG}; then \ - ${ECHO} "YES"; \ - else \ - ${ECHO} "NO"; \ - fi -. endif -. endfor -. endif -. endif -MAKEFLAGS+= BUILDLINK_IS_BUILTIN.openssl=${BUILDLINK_IS_BUILTIN.openssl} -.endif - -.if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -.endif - -.if !defined(BUILDLINK_USE_BUILTIN.openssl) -. if !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -. else -BUILDLINK_USE_BUILTIN.openssl= NO -. endif - -. if !empty(PREFER_NATIVE:M[yY][eE][sS]) && \ - !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -. endif -. if !empty(PREFER_PKGSRC:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= NO -. endif -. if !empty(PREFER_NATIVE:Mopenssl) && \ - !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -. endif -. if !empty(PREFER_PKGSRC:Mopenssl) -BUILDLINK_USE_BUILTIN.openssl= NO -. endif -.endif - -.if !defined(_NEED_NEWER_OPENSSL) -_NEED_NEWER_OPENSSL?= NO -. for _depend_ in ${BUILDLINK_DEPENDS.openssl} -. if !empty(_NEED_NEWER_OPENSSL:M[nN][oO]) -_NEED_NEWER_OPENSSL!= \ - if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKGSRC_PKGNAME}; then \ - ${ECHO} "NO"; \ - else \ - ${ECHO} "YES"; \ - fi -. endif -. endfor -MAKEFLAGS+= _NEED_NEWER_OPENSSL=${_NEED_NEWER_OPENSSL} -.endif - -.if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO]) && \ - (${_NEED_NEWER_OPENSSL} == "YES") -PKG_SKIP_REASON= "Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}" -.endif - -.if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO]) -. if !empty(BUILDLINK_DEPTH:M+) +.if !empty(BUILDLINK_DEPTH:M+) BUILDLINK_DEPENDS+= openssl -. if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS]) -BUILDLINK_DEPENDS+= rsaref -. endif -. endif .endif +BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Nopenssl} +BUILDLINK_PACKAGES+= openssl + .if !empty(OPENSSL_BUILDLINK3_MK:M+) -# +BUILDLINK_DEPENDS.openssl+= openssl>=0.9.6l +BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl + # Ensure that -lcrypt comes before -lcrypto when linking so that the # system crypt() routine is used. # @@ -176,22 +24,10 @@ BUILDLINK_TRANSFORM+= reorder:l:crypt:crypto SSLBASE= ${BUILDLINK_PREFIX.openssl} BUILD_DEFS+= SSLBASE -. if defined(PKG_SYSCONFDIR.openssl) -SSLCERTS= ${PKG_SYSCONFDIR.openssl}/certs -. elif ${OPSYS} == "NetBSD" -SSLCERTS= /etc/openssl/certs -. elif !empty(BUILDLINK_USE_BUILTIN.openssl:M[yY][eE][sS]) -SSLCERTS= /etc/ssl/certs # likely place where certs live -. else -SSLCERTS= ${PKG_SYSCONFBASEDIR}/openssl/certs -. endif -BUILD_DEFS+= SSLCERTS +.if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS]) +. include "../../security/rsaref/buildlink3.mk" +.endif -. if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO]) -. if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS]) -. include "../../security/rsaref/buildlink3.mk" -. endif -. endif .endif # OPENSSL_BUILDLINK3_MK BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} diff --git a/security/openssl/builtin.mk b/security/openssl/builtin.mk new file mode 100644 index 00000000000..c347cf00069 --- /dev/null +++ b/security/openssl/builtin.mk @@ -0,0 +1,135 @@ +# $NetBSD: builtin.mk,v 1.1 2004/03/10 17:57:15 jlam Exp $ + +_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6l +_OPENSSL_OPENSSLV_H= /usr/include/openssl/opensslv.h + +.if !defined(IS_BUILTIN.openssl) +IS_BUILTIN.openssl= no +. if exists(${_OPENSSL_OPENSSLV_H}) +IS_BUILTIN.openssl= yes +# +# Create an appropriate name for the built-in package distributed +# with the system. This package name can be used to check against +# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc +# version or if the built-in one is sufficient. +# +_OPENSSL_MAJOR!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef" } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = index(hex, substr($$3, 3, 1)) - 1; \ + print i; \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_MINOR!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef" } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = 16 * (index(hex, substr($$3, 4, 1)) - 1); \ + i += index(hex, substr($$3, 5, 1)) - 1; \ + print i; \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_TEENY!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef" } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = 16 * (index(hex, substr($$3, 6, 1)) - 1); \ + i += index(hex, substr($$3, 7, 1)) - 1; \ + print i; \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_PATCHLEVEL!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef"; \ + split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \ + } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = 16 * (index(hex, substr($$3, 8, 1)) - 1); \ + i += index(hex, substr($$3, 9, 1)) - 1; \ + if (i == 0) { \ + print ""; \ + } else if (i > 26) { \ + print "a"; \ + } else { \ + print alpha[i]; \ + } \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_VERSION= ${_OPENSSL_MAJOR}.${_OPENSSL_MINOR}.${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL} +BUILTIN_PKG.openssl= openssl-${_OPENSSL_VERSION} +# +# If the built-in OpenSSL software is 0.9.6g, then check whether it +# contains the security fixes pulled up to netbsd-1-6 on 2003-11-07. +# If it does, then treat it as the equivalent of openssl-0.9.6l. This +# is not strictly true, but is good enough since the main differences +# between 0.9.6g and 0.9.6l are security fixes that NetBSD has already +# patched into its built-in OpenSSL software. +# +_OPENSSL_HAS_FIX!= \ + ${AWK} 'BEGIN { ans = "no" } \ + /OPENSSL_HAS_20031107_FIX/ { ans = "yes" } \ + END { print ans; exit 0 } \ + ' ${_OPENSSL_OPENSSLV_H} +. if !empty(_OPENSSL_VERSION:M0\.9\.6g) && (${_OPENSSL_HAS_FIX} == "yes") +BUILTIN_PKG.openssl= openssl-0.9.6l +. endif +MAKEFLAGS+= BUILTIN_PKG.openssl=${BUILTIN_PKG.openssl} +. endif +MAKEFLAGS+= IS_BUILTIN.openssl=${IS_BUILTIN.openssl} +.endif + +CHECK_BUILTIN.openssl?= no +.if !empty(CHECK_BUILTIN.openssl:M[yY][eE][sS]) +USE_BUILTIN.openssl= yes +.endif + +.if !defined(USE_BUILTIN.openssl) +USE_BUILTIN.openssl?= ${IS_BUILTIN.openssl} + +. if defined(BUILTIN_PKG.openssl) +USE_BUILTIN.openssl= yes +. for _depend_ in ${BUILDLINK_DEPENDS.openssl} +. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +USE_BUILTIN.openssl!= \ + if ${PKG_ADMIN} pmatch '${_depend_}' ${BUILTIN_PKG.openssl}; then \ + ${ECHO} "yes"; \ + else \ + ${ECHO} "no"; \ + fi +. endif +. endfor +. endif +.endif # USE_BUILTIN.openssl + +.if !defined(_NEED_NEWER_OPENSSL) +_NEED_NEWER_OPENSSL?= no +. for _depend_ in ${BUILDLINK_DEPENDS.openssl} +. if !empty(_NEED_NEWER_OPENSSL:M[nN][oO]) +_NEED_NEWER_OPENSSL!= \ + if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKGSRC_PKGNAME}; then \ + ${ECHO} "no"; \ + else \ + ${ECHO} "yes"; \ + fi +. endif +. endfor +MAKEFLAGS+= _NEED_NEWER_OPENSSL=${_NEED_NEWER_OPENSSL} +.endif + +.if !empty(USE_BUILTIN.openssl:M[nN][oO]) && \ + !empty(_NEED_NEWER_OPENSSL:M[yY][eE][sS]) +PKG_SKIP_REASON= \ + "Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}" +.endif + +.if defined(PKG_SYSCONFDIR.openssl) +SSLCERTS= ${PKG_SYSCONFDIR.openssl}/certs +.elif ${OPSYS} == "NetBSD" +SSLCERTS= /etc/openssl/certs +.elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +SSLCERTS= /etc/ssl/certs # likely place where certs live +.else +SSLCERTS= ${PKG_SYSCONFBASEDIR}/openssl/certs +.endif +BUILD_DEFS+= SSLCERTS |