diff options
author | jlam <jlam> | 2003-09-11 04:10:38 +0000 |
---|---|---|
committer | jlam <jlam> | 2003-09-11 04:10:38 +0000 |
commit | 36394a85ef1336eb32e44815735a4cf7677b3969 (patch) | |
tree | 3158b57e860c88f8a1499c41cae705b484f9b91d /security | |
parent | d0e4e8479b346a229886579163ce5d6805b95076 (diff) | |
download | pkgsrc-36394a85ef1336eb32e44815735a4cf7677b3969.tar.gz |
Rewrite this file so that we can specify the version of OpenSSL that we
need by simply setting BUILDLINK_DEPENDS.openssl. This buildlink2.mk file
now functions just like any other typical buildlink2.mk file.
Diffstat (limited to 'security')
-rw-r--r-- | security/openssl/buildlink2.mk | 206 |
1 files changed, 112 insertions, 94 deletions
diff --git a/security/openssl/buildlink2.mk b/security/openssl/buildlink2.mk index 2d08eaeae25..6ee12e22f61 100644 --- a/security/openssl/buildlink2.mk +++ b/security/openssl/buildlink2.mk @@ -1,131 +1,149 @@ -# $NetBSD: buildlink2.mk,v 1.8 2003/09/10 16:43:14 jlam Exp $ -# -# Optionally define USE_OPENSSL_VERSION to the mininum OpenSSL version -# number in <openssl/opensslv.h>, i.e. 0x0090600fL, etc. +# $NetBSD: buildlink2.mk,v 1.9 2003/09/11 04:10:38 jlam Exp $ .if !defined(OPENSSL_BUILDLINK2_MK) OPENSSL_BUILDLINK2_MK= # defined .include "../../mk/bsd.prefs.mk" -# OpenSSL version numbers from <openssl/opensslv.h> -OPENSSL_VERSION_095A= 0x0090581fL -OPENSSL_VERSION_096= 0x0090600fL -OPENSSL_VERSION_096A= 0x0090601fL -OPENSSL_VERSION_096B= 0x0090602fL -OPENSSL_VERSION_096D= 0x0090604fL -OPENSSL_VERSION_096E= 0x0090605fL -OPENSSL_VERSION_096F= 0x0090606fL -OPENSSL_VERSION_096G= 0x0090607fL -OPENSSL_VERSION_096H= 0x0090608fL -OPENSSL_VERSION_096I= 0x0090609fL -OPENSSL_VERSION_096J= 0x0090610fL -OPENSSL_VERSION_097A= 0x0090701fL -OPENSSL_VERSION_097B= 0x0090702fL - -# Check for a usable installed version of OpenSSL. Version must be greater -# than 0.9.6f, or else contain a fix for the 2002-07-30 security advisory. -# If a usable version isn't present, then use the pkgsrc OpenSSL package. +# This is the ${PKGNAME} of the version of the OpenSSL package installed +# by pkgsrc. # -_NEED_OPENSSL= YES - -_OPENSSLV_H= /usr/include/openssl/opensslv.h -_SSL_H= /usr/include/openssl/ssl.h - -.if exists(${_OPENSSLV_H}) && exists(${_SSL_H}) -_IN_TREE_OPENSSL_HAS_FIX!= \ - ${AWK} 'BEGIN { ans = "NO" } \ - /SSL_R_SSL2_CONNECTION_ID_TOO_LONG/ { ans = "YES" } \ - END { print ans; exit 0 }' ${_SSL_H} +_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6gnb2 -. if ${_IN_TREE_OPENSSL_HAS_FIX} == "YES" -USE_OPENSSL_VERSION?= ${OPENSSL_VERSION_096F} -. else -USE_OPENSSL_VERSION?= ${OPENSSL_VERSION_096G} -. endif +BUILDLINK_DEPENDS.openssl?= openssl>=0.9.6g +BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl -_OPENSSL_VERSION!= ${AWK} '/.*OPENSSL_VERSION_NUMBER.*/ { print $$3 }' \ - ${_OPENSSLV_H} +BUILDLINK_CHECK_BUILTIN.openssl?= NO -# There never was a package for this; only the in-tree openssl had it. -#_VALID_SSL_VERSIONS= ${OPENSSL_VERSION_096F} # OpenSSL 0.9.6f -#BUILDLINK_DEPENDS.openssl= openssl>=0.9.6f +_OPENSSL_OPENSSLV_H= /usr/include/openssl/opensslv.h +_OPENSSL_SSL_H= /usr/include/openssl/ssl.h -. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096G} # OpenSSL 0.9.6g -_VALID_SSL_VERSIONS= ${OPENSSL_VERSION_096G} -BUILDLINK_DEPENDS.openssl= openssl>=0.9.6g -. else -_VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_096G} +.if !defined(BUILDLINK_IS_BUILTIN.openssl) +BUILDLINK_IS_BUILTIN.openssl= NO +. if exists(${_OPENSSL_OPENSSLV_H}) +BUILDLINK_IS_BUILTIN.openssl= YES . endif +.endif -# For 0.9.7a or 0.9.7b it must be installed as the package currently only -# support through 0.9.6g -. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_097A} # OpenSSL 0.9.7a -. if (${_OPENSSL_VERSION} != ${OPENSSL_VERSION_097A}) && (${_OPENSSL_VERSION} != OPENSSL_VERSION_097B}) -PKG_SKIP_REASON= "OpenSSL 0.9.7a or higher not installed." -. else -_VALID_SSL_VERSIONS= ${OPENSSL_VERSION_097A} -BUILDLINK_DEPENDS.openssl= openssl>=0.9.7a +.if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[yY][eE][sS]) +_NEED_OPENSSL= NO +.else +. if !empty(BUILDLINK_IS_BUILTIN.openssl:M[nN][oO]) +_NEED_OPENSSL= YES +. elif !defined(_NEED_OPENSSL) +_OPENSSL_HAS_FIX= NO +. if exists(${_OPENSSL_SSL_H}) +_OPENSSL_HAS_20020730_FIX!= \ + ${AWK} 'BEGIN { ans = "NO" } \ + /SSL_R_SSL2_CONNECTION_ID_TOO_LONG/ { ans = "YES" } \ + END { print ans; exit 0 } \ + ' ${_OPENSSL_SSL_H} . endif -. else -. if (${_OPENSSL_VERSION} == ${OPENSSL_VERSION_097A}) || (${_OPENSSL_VERSION} == OPENSSL_VERSION_097B}) -_VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_097A} +# +# Create an appropriate name for the built-in package distributed +# with the system. This package name can be used to check against +# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc +# version or if the built-in one is sufficient. +# +_OPENSSL_MAJOR!= \ + ${AWK} '/\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + print int(substr($$3, 3, 1)); exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_MINOR!= \ + ${AWK} '/\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + print "." int(substr($$3, 4, 2)); exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_TEENY!= \ + ${AWK} '/\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + print "." int(substr($$3, 6, 2)); exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_PATCHLEVEL!= \ + ${AWK} 'BEGIN { split("abcdefghijklmnopqrstuvwxyz", alpha, "") } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = int(substr($$3, 8, 2)); \ + if (i == 0) { \ + print ""; \ + } else if (i > 26) { \ + print "a"; \ + } else { \ + print alpha[i]; \ + } \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_VERSION= ${_OPENSSL_MAJOR}${_OPENSSL_MINOR}${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL} +_OPENSSL_PKG= openssl-${_OPENSSL_VERSION} +# +# If the built-in OpenSSL software is 0.9.6[ef], then check whether it +# contains the fix for the 20020730 security advisory. If it does, then +# treat it as the equivalent of openssl-0.9.6g. This is not strictly +# true, but is good enough since the main differences between 0.9.6e +# and 0.9.6g are security fixes that NetBSD has already patched into it's +# built-in OpenSSL software. +# +. if !empty(_OPENSSL_VERSION:M0\.9\.6[ef]) && \ + (${_OPENSSL_HAS_20020730_FIX} == "YES") +_OPENSSL_PKG= openssl-0.9.6g . endif -. endif +_OPENSSL_DEPENDS= ${BUILDLINK_DEPENDS.openssl} +_NEED_OPENSSL!= \ + if ${PKG_ADMIN} pmatch '${_OPENSSL_DEPENDS}' ${_OPENSSL_PKG}; then \ + ${ECHO} "NO"; \ + else \ + ${ECHO} "YES"; \ + fi +MAKEFLAGS+= _NEED_OPENSSL="${_NEED_OPENSSL}" +. endif # !defined(_NEED_OPENSSL) +.endif -. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_097B} # OpenSSL 0.9.7b -. if ${_OPENSSL_VERSION} != ${OPENSSL_VERSION_097B} -PKG_SKIP_REASON= "OpenSSL 0.9.7b or higher not installed." -. else -_VALID_SSL_VERSIONS= ${OPENSSL_VERSION_097B} -BUILDLINK_DEPENDS.openssl= openssl>=0.9.7b -. endif -. else -. if ${_OPENSSL_VERSION} == ${OPENSSL_VERSION_097B} -_VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_097B} -. endif -. endif +.if !defined(_NEED_NEWER_OPENSSL) +_NEED_NEWER_OPENSSL!= \ + if ${PKG_ADMIN} pmatch '${BUILDLINK_DEPENDS.openssl}' ${_OPENSSL_PKGSRC_PKGNAME}; then \ + ${ECHO} "NO"; \ + else \ + ${ECHO} "YES"; \ + fi +MAKEFLAGS+= _NEED_NEWER_OPENSSL="${_NEED_NEWER_OPENSSL}" +.endif -. for PATTERN in ${_VALID_SSL_VERSIONS} -. if ${_OPENSSL_VERSION:M${PATTERN}} != "" -_NEED_OPENSSL= NO -. endif -. endfor -.endif # exists(${_OPENSSLV_H}) && exists(${_SSL_H}) +.if (${_NEED_OPENSSL} == "YES") && (${_NEED_NEWER_OPENSSL} == "YES") +PKG_SKIP_REASON= "Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}" +.endif -BUILDLINK_DEPENDS.openssl?= openssl>=0.9.6g -BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl +.if ${_NEED_OPENSSL} == "YES" +. if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS]) +BUILDLINK_DEPENDS+= rsaref +. include "../../security/rsaref/buildlink3.mk" +. endif +.endif .if ${_NEED_OPENSSL} == "YES" -BUILDLINK_PACKAGES+= openssl -EVAL_PREFIX+= BUILDLINK_PREFIX.openssl=openssl +BUILDLINK_PACKAGES+= openssl +EVAL_PREFIX+= BUILDLINK_PREFIX.openssl=openssl BUILDLINK_PREFIX.openssl_DEFAULT= ${LOCALBASE} -SSLBASE= ${BUILDLINK_PREFIX.openssl} .else -BUILDLINK_PREFIX.openssl= /usr -SSLBASE= /usr +BUILDLINK_PREFIX.openssl= /usr .endif +SSLBASE= ${BUILDLINK_PREFIX.openssl} +BUILD_DEFS+= SSLBASE .if defined(PKG_SYSCONFDIR.openssl) -SSLCERTS= ${PKG_SYSCONFDIR.openssl}/certs +SSLCERTS= ${PKG_SYSCONFDIR.openssl}/certs .elif ${OPSYS} == "NetBSD" -SSLCERTS= /etc/openssl/certs +SSLCERTS= /etc/openssl/certs .else -SSLCERTS= ${PKG_SYSCONFBASE}/openssl/certs +SSLCERTS= ${PKG_SYSCONFBASE}/openssl/certs .endif -BUILD_DEFS+= SSLBASE SSLCERTS +BUILD_DEFS+= SSLCERTS BUILDLINK_FILES.openssl= include/openssl/* BUILDLINK_FILES.openssl+= lib/libRSAglue.* BUILDLINK_FILES.openssl+= lib/libcrypto.* BUILDLINK_FILES.openssl+= lib/libssl.* -.if ${_NEED_OPENSSL} == "YES" -. if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES -. include "../../security/rsaref/buildlink2.mk" -. endif -.endif - BUILDLINK_TARGETS+= openssl-buildlink openssl-buildlink: _BUILDLINK_USE |