Rewrite this file so that we can specify the version of OpenSSL that we

need by simply setting BUILDLINK_DEPENDS.openssl. This buildlink2.mk file now functions just like any other typical buildlink2.mk file.
author: jlam <jlam> 2003-09-11 04:10:38 +0000
committer: jlam <jlam> 2003-09-11 04:10:38 +0000
commit: 36394a85ef1336eb32e44815735a4cf7677b3969 (patch)
tree: 3158b57e860c88f8a1499c41cae705b484f9b91d /security
parent: d0e4e8479b346a229886579163ce5d6805b95076 (diff)
download: pkgsrc-36394a85ef1336eb32e44815735a4cf7677b3969.tar.gz
1 files changed, 112 insertions, 94 deletions
diff --git a/security/openssl/buildlink2.mk b/security/openssl/buildlink2.mk
index 2d08eaeae25..6ee12e22f61 100644
--- a/security/openssl/buildlink2.mk
+++ b/security/openssl/buildlink2.mk
@@ -1,131 +1,149 @@
-# $NetBSD: buildlink2.mk,v 1.8 2003/09/10 16:43:14 jlam Exp $
-#
-# Optionally define USE_OPENSSL_VERSION to the mininum OpenSSL version
-# number in <openssl/opensslv.h>, i.e. 0x0090600fL, etc.
+# $NetBSD: buildlink2.mk,v 1.9 2003/09/11 04:10:38 jlam Exp $
 
 .if !defined(OPENSSL_BUILDLINK2_MK)
 OPENSSL_BUILDLINK2_MK=	# defined
 
 .include "../../mk/bsd.prefs.mk"
 
-# OpenSSL version numbers from <openssl/opensslv.h>
-OPENSSL_VERSION_095A=		0x0090581fL
-OPENSSL_VERSION_096=		0x0090600fL
-OPENSSL_VERSION_096A=		0x0090601fL
-OPENSSL_VERSION_096B=		0x0090602fL
-OPENSSL_VERSION_096D=		0x0090604fL
-OPENSSL_VERSION_096E=		0x0090605fL
-OPENSSL_VERSION_096F=		0x0090606fL
-OPENSSL_VERSION_096G=		0x0090607fL
-OPENSSL_VERSION_096H=		0x0090608fL
-OPENSSL_VERSION_096I=		0x0090609fL
-OPENSSL_VERSION_096J=		0x0090610fL
-OPENSSL_VERSION_097A=		0x0090701fL
-OPENSSL_VERSION_097B=		0x0090702fL
-
-# Check for a usable installed version of OpenSSL. Version must be greater
-# than 0.9.6f, or else contain a fix for the 2002-07-30 security advisory.
-# If a usable version isn't present, then use the pkgsrc OpenSSL package.
+# This is the ${PKGNAME} of the version of the OpenSSL package installed
+# by pkgsrc.
 #
-_NEED_OPENSSL=		YES
-
-_OPENSSLV_H=		/usr/include/openssl/opensslv.h
-_SSL_H=			/usr/include/openssl/ssl.h
-
-.if exists(${_OPENSSLV_H}) && exists(${_SSL_H})
-_IN_TREE_OPENSSL_HAS_FIX!=						\
-		${AWK} 'BEGIN { ans = "NO" }				\
-		/SSL_R_SSL2_CONNECTION_ID_TOO_LONG/ { ans = "YES" }	\
-		END { print ans; exit 0 }' ${_SSL_H}
+_OPENSSL_PKGSRC_PKGNAME=	openssl-0.9.6gnb2
 
-.  if ${_IN_TREE_OPENSSL_HAS_FIX} == "YES"
-USE_OPENSSL_VERSION?=	${OPENSSL_VERSION_096F}
-.  else
-USE_OPENSSL_VERSION?=	${OPENSSL_VERSION_096G}
-.  endif
+BUILDLINK_DEPENDS.openssl?=	openssl>=0.9.6g
+BUILDLINK_PKGSRCDIR.openssl?=	../../security/openssl
 
-_OPENSSL_VERSION!=	${AWK} '/.*OPENSSL_VERSION_NUMBER.*/ { print $$3 }' \
-				${_OPENSSLV_H}
+BUILDLINK_CHECK_BUILTIN.openssl?=	NO
 
-# There never was a package for this; only the in-tree openssl had it.
-#_VALID_SSL_VERSIONS=	${OPENSSL_VERSION_096F}		# OpenSSL 0.9.6f
-#BUILDLINK_DEPENDS.openssl=	openssl>=0.9.6f
+_OPENSSL_OPENSSLV_H=	/usr/include/openssl/opensslv.h
+_OPENSSL_SSL_H=		/usr/include/openssl/ssl.h
 
-.  if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096G}	# OpenSSL 0.9.6g
-_VALID_SSL_VERSIONS=	${OPENSSL_VERSION_096G}
-BUILDLINK_DEPENDS.openssl=	openssl>=0.9.6g
-.  else
-_VALID_SSL_VERSIONS+=	${OPENSSL_VERSION_096G}
+.if !defined(BUILDLINK_IS_BUILTIN.openssl)
+BUILDLINK_IS_BUILTIN.openssl=	NO
+.  if exists(${_OPENSSL_OPENSSLV_H})
+BUILDLINK_IS_BUILTIN.openssl=	YES
 .  endif
+.endif
 
-# For 0.9.7a or 0.9.7b it must be installed as the package currently only
-# support through 0.9.6g
-.  if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_097A}	# OpenSSL 0.9.7a
-.    if (${_OPENSSL_VERSION} != ${OPENSSL_VERSION_097A}) && (${_OPENSSL_VERSION} != OPENSSL_VERSION_097B})
-PKG_SKIP_REASON=	"OpenSSL 0.9.7a or higher not installed."
-.    else
-_VALID_SSL_VERSIONS=	${OPENSSL_VERSION_097A}
-BUILDLINK_DEPENDS.openssl=	openssl>=0.9.7a
+.if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[yY][eE][sS])
+_NEED_OPENSSL=	NO
+.else
+.  if !empty(BUILDLINK_IS_BUILTIN.openssl:M[nN][oO])
+_NEED_OPENSSL=	YES
+.  elif !defined(_NEED_OPENSSL)
+_OPENSSL_HAS_FIX=	NO
+.    if exists(${_OPENSSL_SSL_H})
+_OPENSSL_HAS_20020730_FIX!=						\
+	${AWK} 'BEGIN { ans = "NO" }					\
+		/SSL_R_SSL2_CONNECTION_ID_TOO_LONG/ { ans = "YES" }	\
+		END { print ans; exit 0 }				\
+	' ${_OPENSSL_SSL_H}
 .    endif
-.  else
-.    if (${_OPENSSL_VERSION} == ${OPENSSL_VERSION_097A}) || (${_OPENSSL_VERSION} == OPENSSL_VERSION_097B})
-_VALID_SSL_VERSIONS+=	${OPENSSL_VERSION_097A}
+#
+# Create an appropriate name for the built-in package distributed
+# with the system.  This package name can be used to check against
+# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc
+# version or if the built-in one is sufficient.
+#
+_OPENSSL_MAJOR!=							\
+	${AWK} '/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			print int(substr($$3, 3, 1)); exit 0;		\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_MINOR!=							\
+	${AWK} '/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			print "." int(substr($$3, 4, 2)); exit 0;	\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_TEENY!=							\
+	${AWK} '/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			print "." int(substr($$3, 6, 2)); exit 0;	\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_PATCHLEVEL!=							\
+	${AWK} 'BEGIN { split("abcdefghijklmnopqrstuvwxyz", alpha, "") } \
+		/\#define[ 	]*OPENSSL_VERSION_NUMBER/ {		\
+			i = int(substr($$3, 8, 2));			\
+			if (i == 0) {					\
+				print "";				\
+			} else if (i > 26) {				\
+				print "a";				\
+			} else {					\
+				print alpha[i];				\
+			}						\
+			exit 0;						\
+		}							\
+	' ${_OPENSSL_OPENSSLV_H}
+_OPENSSL_VERSION=	${_OPENSSL_MAJOR}${_OPENSSL_MINOR}${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL}
+_OPENSSL_PKG=	openssl-${_OPENSSL_VERSION}
+#
+# If the built-in OpenSSL software is 0.9.6[ef], then check whether it
+# contains the fix for the 20020730 security advisory.  If it does, then
+# treat it as the equivalent of openssl-0.9.6g.  This is not strictly
+# true, but is good enough since the main differences between 0.9.6e
+# and 0.9.6g are security fixes that NetBSD has already patched into it's
+# built-in OpenSSL software.
+#
+.    if !empty(_OPENSSL_VERSION:M0\.9\.6[ef]) && \
+	(${_OPENSSL_HAS_20020730_FIX} == "YES")
+_OPENSSL_PKG=	openssl-0.9.6g
 .    endif
-.  endif
+_OPENSSL_DEPENDS=	${BUILDLINK_DEPENDS.openssl}
+_NEED_OPENSSL!=		\
+	if ${PKG_ADMIN} pmatch '${_OPENSSL_DEPENDS}' ${_OPENSSL_PKG}; then \
+		${ECHO} "NO";						\
+	else								\
+		${ECHO} "YES";						\
+	fi
+MAKEFLAGS+=	_NEED_OPENSSL="${_NEED_OPENSSL}"
+.  endif   # !defined(_NEED_OPENSSL)
+.endif
 
-.  if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_097B}	# OpenSSL 0.9.7b
-.    if ${_OPENSSL_VERSION} != ${OPENSSL_VERSION_097B}
-PKG_SKIP_REASON=        "OpenSSL 0.9.7b or higher not installed."
-.    else
-_VALID_SSL_VERSIONS=	${OPENSSL_VERSION_097B}
-BUILDLINK_DEPENDS.openssl=	openssl>=0.9.7b
-.    endif
-.  else
-.    if ${_OPENSSL_VERSION} == ${OPENSSL_VERSION_097B}
-_VALID_SSL_VERSIONS+=	${OPENSSL_VERSION_097B}
-.    endif
-.  endif
+.if !defined(_NEED_NEWER_OPENSSL)
+_NEED_NEWER_OPENSSL!=	\
+	if ${PKG_ADMIN} pmatch '${BUILDLINK_DEPENDS.openssl}' ${_OPENSSL_PKGSRC_PKGNAME}; then \
+		${ECHO} "NO";						\
+	else								\
+		${ECHO} "YES";						\
+	fi
+MAKEFLAGS+=	_NEED_NEWER_OPENSSL="${_NEED_NEWER_OPENSSL}"
+.endif
 
-.  for PATTERN in ${_VALID_SSL_VERSIONS}
-.    if ${_OPENSSL_VERSION:M${PATTERN}} != ""
-_NEED_OPENSSL=		NO
-.    endif
-.  endfor
-.endif	# exists(${_OPENSSLV_H}) && exists(${_SSL_H})
+.if (${_NEED_OPENSSL} == "YES") && (${_NEED_NEWER_OPENSSL} == "YES")
+PKG_SKIP_REASON=	"Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}"
+.endif
 
-BUILDLINK_DEPENDS.openssl?=	openssl>=0.9.6g
-BUILDLINK_PKGSRCDIR.openssl?=	../../security/openssl
+.if ${_NEED_OPENSSL} == "YES"
+.  if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS])
+BUILDLINK_DEPENDS+=	rsaref
+.    include "../../security/rsaref/buildlink3.mk"
+.  endif
+.endif
 
 .if ${_NEED_OPENSSL} == "YES"
-BUILDLINK_PACKAGES+=		openssl
-EVAL_PREFIX+=	BUILDLINK_PREFIX.openssl=openssl
+BUILDLINK_PACKAGES+=			openssl
+EVAL_PREFIX+=				BUILDLINK_PREFIX.openssl=openssl
 BUILDLINK_PREFIX.openssl_DEFAULT=	${LOCALBASE}
-SSLBASE=			${BUILDLINK_PREFIX.openssl}
 .else
-BUILDLINK_PREFIX.openssl=	/usr
-SSLBASE=			/usr
+BUILDLINK_PREFIX.openssl=		/usr
 .endif
+SSLBASE=		${BUILDLINK_PREFIX.openssl}
+BUILD_DEFS+=		SSLBASE
 
 .if defined(PKG_SYSCONFDIR.openssl)
-SSLCERTS=			${PKG_SYSCONFDIR.openssl}/certs
+SSLCERTS=		${PKG_SYSCONFDIR.openssl}/certs
 .elif ${OPSYS} == "NetBSD"
-SSLCERTS=			/etc/openssl/certs
+SSLCERTS=		/etc/openssl/certs
 .else
-SSLCERTS=			${PKG_SYSCONFBASE}/openssl/certs
+SSLCERTS=		${PKG_SYSCONFBASE}/openssl/certs
 .endif
-BUILD_DEFS+=			SSLBASE SSLCERTS
+BUILD_DEFS+=		SSLCERTS
 
 BUILDLINK_FILES.openssl=	include/openssl/*
 BUILDLINK_FILES.openssl+=	lib/libRSAglue.*
 BUILDLINK_FILES.openssl+=	lib/libcrypto.*
 BUILDLINK_FILES.openssl+=	lib/libssl.*
 
-.if ${_NEED_OPENSSL} == "YES"
-.  if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES
-.    include "../../security/rsaref/buildlink2.mk"
-.  endif
-.endif
-
 BUILDLINK_TARGETS+=	openssl-buildlink
 
 openssl-buildlink: _BUILDLINK_USE
author	jlam <jlam>	2003-09-11 04:10:38 +0000
committer	jlam <jlam>	2003-09-11 04:10:38 +0000
commit	36394a85ef1336eb32e44815735a4cf7677b3969 (patch)
tree	3158b57e860c88f8a1499c41cae705b484f9b91d /security
parent	d0e4e8479b346a229886579163ce5d6805b95076 (diff)
download	pkgsrc-36394a85ef1336eb32e44815735a4cf7677b3969.tar.gz