diff options
author | jlam <jlam@pkgsrc.org> | 2004-03-10 17:57:14 +0000 |
---|---|---|
committer | jlam <jlam@pkgsrc.org> | 2004-03-10 17:57:14 +0000 |
commit | d68193d4743931877544a7e52ed44171707b858d (patch) | |
tree | 1226d07b8f66083168895189decc88848b70903f /security | |
parent | 55bd3391bd2b274e284613fb1e70cd0190dd4ed8 (diff) | |
download | pkgsrc-d68193d4743931877544a7e52ed44171707b858d.tar.gz |
Split out the code that deals with checking whether the software is
built-in or not into a separate builtin.mk file. The code to deal
checking for built-in software is much simpler to deal with in pkgsrc.
The buildlink3.mk file for a package will be of the usual format
regardless of the package, which makes it simpler for packagers to
update a package.
The builtin.mk file for a package must define a single yes/no variable
USE_BUILTIN.<pkg> that is used by bsd.buildlink3.mk to decide whether
to use the built-in software or to use the pkgsrc software.
Diffstat (limited to 'security')
-rw-r--r-- | security/PAM/buildlink3.mk | 52 | ||||
-rw-r--r-- | security/PAM/builtin.mk | 15 | ||||
-rw-r--r-- | security/heimdal/buildlink3.mk | 118 | ||||
-rw-r--r-- | security/heimdal/builtin.mk | 80 | ||||
-rw-r--r-- | security/openssl/buildlink3.mk | 186 | ||||
-rw-r--r-- | security/openssl/builtin.mk | 135 | ||||
-rw-r--r-- | security/tcp_wrappers/buildlink3.mk | 39 | ||||
-rw-r--r-- | security/tcp_wrappers/builtin.mk | 15 |
8 files changed, 278 insertions, 362 deletions
diff --git a/security/PAM/buildlink3.mk b/security/PAM/buildlink3.mk index 8716a50b62d..658a2bc520f 100644 --- a/security/PAM/buildlink3.mk +++ b/security/PAM/buildlink3.mk @@ -1,56 +1,18 @@ -# $NetBSD: buildlink3.mk,v 1.11 2004/02/18 16:35:27 jlam Exp $ +# $NetBSD: buildlink3.mk,v 1.12 2004/03/10 17:57:14 jlam Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ PAM_BUILDLINK3_MK:= ${PAM_BUILDLINK3_MK}+ -.include "../../mk/bsd.prefs.mk" +.if !empty(BUILDLINK_DEPTH:M+) +BUILDLINK_DEPENDS+= pam +.endif + +BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Npam} +BUILDLINK_PACKAGES+= pam .if !empty(PAM_BUILDLINK3_MK:M+) -BUILDLINK_PACKAGES+= pam BUILDLINK_DEPENDS.pam+= PAM>=0.75 BUILDLINK_PKGSRCDIR.pam?= ../../security/PAM .endif # PAM_BUILDLINK3_MK -BUILDLINK_CHECK_BUILTIN.pam?= NO - -.if !defined(BUILDLINK_IS_BUILTIN.pam) -BUILDLINK_IS_BUILTIN.pam= NO -. if exists(/usr/include/security/pam_appl.h) -BUILDLINK_IS_BUILTIN.pam= YES -. endif -.endif - -.if !empty(BUILDLINK_CHECK_BUILTIN.pam:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.pam= YES -.endif - -.if !defined(BUILDLINK_USE_BUILTIN.pam) -. if !empty(BUILDLINK_IS_BUILTIN.pam:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.pam= YES -. else -BUILDLINK_USE_BUILTIN.pam= NO -. endif - -. if !empty(PREFER_NATIVE:M[yY][eE][sS]) && \ - !empty(BUILDLINK_IS_BUILTIN.pam:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.pam= YES -. endif -. if !empty(PREFER_PKGSRC:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.pam= NO -. endif -. if !empty(PREFER_NATIVE:Mpam) && \ - !empty(BUILDLINK_IS_BUILTIN.pam:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.pam= YES -. endif -. if !empty(PREFER_PKGSRC:Mpam) -BUILDLINK_USE_BUILTIN.pam= NO -. endif -.endif - -.if !empty(BUILDLINK_USE_BUILTIN.pam:M[nN][oO]) -. if !empty(BUILDLINK_DEPTH:M+) -BUILDLINK_DEPENDS+= pam -. endif -.endif - BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} diff --git a/security/PAM/builtin.mk b/security/PAM/builtin.mk new file mode 100644 index 00000000000..cd234981780 --- /dev/null +++ b/security/PAM/builtin.mk @@ -0,0 +1,15 @@ +# $NetBSD: builtin.mk,v 1.1 2004/03/10 17:57:14 jlam Exp $ + +.if !defined(IS_BUILTIN.pam) +IS_BUILTIN.pam= no +. if exists(/usr/include/security/pam_appl.h) +IS_BUILTIN.pam= yes +. endif +.endif + +CHECK_BUILTIN.pam?= no +.if !empty(CHECK_BUILTIN.pam:M[yY][eE][sS]) +USE_BUILTIN.pam= yes +.endif + +USE_BUILTIN.pam?= ${IS_BUILTIN.pam} diff --git a/security/heimdal/buildlink3.mk b/security/heimdal/buildlink3.mk index f7575d77e61..a9d0d9d22d3 100644 --- a/security/heimdal/buildlink3.mk +++ b/security/heimdal/buildlink3.mk @@ -1,123 +1,19 @@ -# $NetBSD: buildlink3.mk,v 1.13 2004/02/18 16:35:27 jlam Exp $ +# $NetBSD: buildlink3.mk,v 1.14 2004/03/10 17:57:14 jlam Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ HEIMDAL_BUILDLINK3_MK:= ${HEIMDAL_BUILDLINK3_MK}+ -.include "../../mk/bsd.prefs.mk" +.if !empty(BUILDLINK_DEPTH:M+) +BUILDLINK_DEPENDS+= heimdal +.endif + +BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Nheimdal} +BUILDLINK_PACKAGES+= heimdal .if !empty(HEIMDAL_BUILDLINK3_MK:M+) -BUILDLINK_PACKAGES+= heimdal BUILDLINK_DEPENDS.heimdal+= heimdal>=0.4e BUILDLINK_PKGSRCDIR.heimdal?= ../../security/heimdal BUILDLINK_INCDIRS.heimdal?= include/krb5 .endif # HEIMDAL_BUILDLINK3_MK -BUILDLINK_CHECK_BUILTIN.heimdal?= NO - -_KRB5_KRB5_H= /usr/include/krb5/krb5.h - -.if !defined(BUILDLINK_IS_BUILTIN.heimdal) -BUILDLINK_IS_BUILTIN.heimdal= NO -. if exists(${_KRB5_KRB5_H}) -_IS_BUILTIN.heimdal!= \ - if ${GREP} -q heimdal_version ${_KRB5_KRB5_H}; then \ - ${ECHO} "YES"; \ - else \ - ${ECHO} "NO"; \ - fi -BUILDLINK_IS_BUILTIN.heimdal= ${_IS_BUILTIN.heimdal} -. if !empty(BUILDLINK_CHECK_BUILTIN.heimdal:M[nN][oO]) && \ - !empty(_IS_BUILTIN.heimdal:M[yY][eE][sS]) -# -# Create an appropriate name for the built-in package distributed -# with the system. This package name can be used to check against -# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc -# version or if the built-in one is sufficient. -# -# heimdal<=0.6 doesn't have a method of checking the headers to discover -# the version number of the software. Match up heimdal versions with -# OS versions for an approximate determination of the heimdal version. -# -. if !defined(_HEIMDAL_VERSION) -_HEIMDAL_VERSIONS= 0.6 0.5 0.4e 0.3f 0.3e -_HEIMDAL_0.6= NetBSD-1.6[U-Z]-* NetBSD-1.6Z*-* NetBSD-[2-9]*-* -_HEIMDAL_0.5= NetBSD-1.6[I-T]-* -_HEIMDAL_0.4e= NetBSD-1.6[A-H]-* \ - NetBSD-1.6-* NetBSD-1.6_*-* NetBSD-1.6.*-* \ - NetBSD-1.5[YZ]-* NetBSD-1.5Z*-* -_HEIMDAL_0.3f= NetBSD-1.5X-* -_HEIMDAL_0.3e= NetBSD-1.5[UVW]-* \ - NetBSD-1.5.*-* -. for _heimdal_version_ in ${_HEIMDAL_VERSIONS} -. for _pattern_ in ${_HEIMDAL_${_heimdal_version_}} -. if !empty(MACHINE_PLATFORM:M${_pattern_}) -_HEIMDAL_VERSION?= ${_heimdal_version_} -. endif -. endfor -. endfor -_HEIMDAL_VERSION?= 0.2t -. endif -_HEIMDAL_PKG= heimdal-${_HEIMDAL_VERSION} -BUILDLINK_IS_BUILTIN.heimdal?= YES -. for _depend_ in ${BUILDLINK_DEPENDS.heimdal} -. if !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) -BUILDLINK_IS_BUILTIN.heimdal!= \ - if ${PKG_ADMIN} pmatch '${_depend_}' ${_HEIMDAL_PKG}; then \ - ${ECHO} "YES"; \ - else \ - ${ECHO} "NO"; \ - fi -. endif -. endfor -. endif -. endif -MAKEFLAGS+= BUILDLINK_IS_BUILTIN.heimdal=${BUILDLINK_IS_BUILTIN.heimdal} -.endif - -.if !empty(BUILDLINK_CHECK_BUILTIN.heimdal:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.heimdal= YES -.endif - -.if !defined(BUILDLINK_USE_BUILTIN.heimdal) -. if !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.heimdal= YES -. else -BUILDLINK_USE_BUILTIN.heimdal= NO -. endif - -. if !empty(PREFER_NATIVE:M[yY][eE][sS]) && \ - !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.heimdal= YES -. endif -. if !empty(PREFER_PKGSRC:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.heimdal= NO -. endif -. if !empty(PREFER_NATIVE:Mheimdal) && \ - !empty(BUILDLINK_IS_BUILTIN.heimdal:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.heimdal= YES -. endif -. if !empty(PREFER_PKGSRC:Mheimdal) -BUILDLINK_USE_BUILTIN.heimdal= NO -. endif -.endif - -.if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[nN][oO]) -# -# If we depend on the package, depend on the latest version with a library -# major number bump. -# -BUILDLINK_DEPENDS.heimdal+= heimdal>=0.6 -. if !empty(BUILDLINK_DEPTH:M+) -BUILDLINK_DEPENDS+= heimdal -. endif -.endif - -.if !empty(HEIMDAL_BUILDLINK3_MK:M+) -. if !empty(BUILDLINK_USE_BUILTIN.heimdal:M[nN][oO]) -KRB5_CONFIG?= ${BUILDLINK_PREFIX.heimdal}/bin/krb5-config -CONFIGURE_ENV+= KRB5_CONFIG="${KRB5_CONFIG}" -MAKE_ENV+= KRB5_CONFIG="${KRB5_CONFIG}" -. endif -.endif # HEIMDAL_BUILDLINK3_MK - BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} diff --git a/security/heimdal/builtin.mk b/security/heimdal/builtin.mk new file mode 100644 index 00000000000..5267e9e0b75 --- /dev/null +++ b/security/heimdal/builtin.mk @@ -0,0 +1,80 @@ +# $NetBSD: builtin.mk,v 1.1 2004/03/10 17:57:14 jlam Exp $ + +_KRB5_KRB5_H= /usr/include/krb5/krb5.h + +.if !defined(IS_BUILTIN.heimdal) +IS_BUILTIN.heimdal= no +. if exists(${_KRB5_KRB5_H}) +IS_BUILTIN.heimdal!= \ + if ${GREP} -q heimdal_version ${_KRB5_KRB5_H}; then \ + ${ECHO} "yes"; \ + else \ + ${ECHO} "no"; \ + fi +. if !empty(IS_BUILTIN.heimdal:M[yY][eE][sS]) +# +# Create an appropriate name for the built-in package distributed +# with the system. This package name can be used to check against +# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc +# version or if the built-in one is sufficient. +# +# heimdal<=0.6 doesn't have a method of checking the headers to discover +# the version number of the software. Match up heimdal versions with +# OS versions for an approximate determination of the heimdal version. +# +. if !defined(_HEIMDAL_VERSION) +_HEIMDAL_VERSIONS= 0.6 0.5 0.4e 0.3f 0.3e +_HEIMDAL_0.6= NetBSD-1.6[U-Z]-* NetBSD-1.6Z*-* NetBSD-[2-9]*-* +_HEIMDAL_0.5= NetBSD-1.6[I-T]-* +_HEIMDAL_0.4e= NetBSD-1.6[A-H]-* \ + NetBSD-1.6-* NetBSD-1.6_*-* NetBSD-1.6.*-* \ + NetBSD-1.5[YZ]-* NetBSD-1.5Z*-* +_HEIMDAL_0.3f= NetBSD-1.5X-* +_HEIMDAL_0.3e= NetBSD-1.5[UVW]-* \ + NetBSD-1.5.*-* +. for _heimdal_version_ in ${_HEIMDAL_VERSIONS} +. for _pattern_ in ${_HEIMDAL_${_heimdal_version_}} +. if !empty(MACHINE_PLATFORM:M${_pattern_}) +_HEIMDAL_VERSION?= ${_heimdal_version_} +. endif +. endfor +. endfor +_HEIMDAL_VERSION?= 0.2t +. endif +BUILTIN_PKG.heimdal= heimdal-${_HEIMDAL_VERSION} +MAKEFLAGS+= BUILTIN_PKG.heimdal=${BUILTIN_PKG.heimdal} +. endif +. endif +MAKEFLAGS+= IS_BUILTIN.heimdal=${IS_BUILTIN.heimdal} +.endif + +CHECK_BUILTIN.heimdal?= no +.if !empty(CHECK_BUILTIN.heimdal:M[yY][eE][sS]) +USE_BUILTIN.heimdal= yes +.endif + +.if !defined(USE_BUILTIN.heimdal) +USE_BUILTIN.heimdal?= ${IS_BUILTIN.heimdal} + +. if defined(BUILTIN_PKG.heimdal) +USE_BUILTIN.heimdal= yes +. for _depend_ in ${BUILDLINK_DEPENDS.heimdal} +. if !empty(USE_BUILTIN.heimdal:M[yY][eE][sS]) +USE_BUILTIN.heimdal!= \ + if ${PKG_ADMIN} pmatch '${_depend_}' ${BUILTIN_PKG.heimdal}; then \ + ${ECHO} "yes"; \ + else \ + ${ECHO} "no"; \ + fi +. endif +. endfor +. endif +.endif # USE_BUILTIN.heimdal + +.if !empty(USE_BUILTIN.heimdal:M[nN][oO]) +BUILDLINK_DEPENDS.heimdal+= heimdal>=0.6 + +KRB5_CONFIG?= ${BUILDLINK_PREFIX.heimdal}/bin/krb5-config +CONFIGURE_ENV+= KRB5_CONFIG="${KRB5_CONFIG}" +MAKE_ENV+= KRB5_CONFIG="${KRB5_CONFIG}" +.endif # HEIMDAL_BUILDLINK3_MK diff --git a/security/openssl/buildlink3.mk b/security/openssl/buildlink3.mk index 163bd2ab162..5002ed30884 100644 --- a/security/openssl/buildlink3.mk +++ b/security/openssl/buildlink3.mk @@ -1,173 +1,21 @@ -# $NetBSD: buildlink3.mk,v 1.15 2004/02/18 16:35:27 jlam Exp $ +# $NetBSD: buildlink3.mk,v 1.16 2004/03/10 17:57:15 jlam Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ OPENSSL_BUILDLINK3_MK:= ${OPENSSL_BUILDLINK3_MK}+ .include "../../mk/bsd.prefs.mk" -.if !empty(OPENSSL_BUILDLINK3_MK:M+) -# -# This is the ${PKGNAME} of the version of the OpenSSL package installed -# by pkgsrc. -# -_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6l - -BUILDLINK_PACKAGES+= openssl -BUILDLINK_DEPENDS.openssl+= openssl>=0.9.6l -BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl -.endif # OPENSSL_BUILDLINK3_MK - -BUILDLINK_CHECK_BUILTIN.openssl?= NO - -_OPENSSL_OPENSSLV_H= /usr/include/openssl/opensslv.h - -.if !defined(BUILDLINK_IS_BUILTIN.openssl) -BUILDLINK_IS_BUILTIN.openssl= NO -. if exists(${_OPENSSL_OPENSSLV_H}) -BUILDLINK_IS_BUILTIN.openssl= YES -. if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[nN][oO]) -# -# Create an appropriate name for the built-in package distributed -# with the system. This package name can be used to check against -# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc -# version or if the built-in one is sufficient. -# -_OPENSSL_MAJOR!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = index(hex, substr($$3, 3, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_MINOR!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = 16 * (index(hex, substr($$3, 4, 1)) - 1); \ - i += index(hex, substr($$3, 5, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_TEENY!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = 16 * (index(hex, substr($$3, 6, 1)) - 1); \ - i += index(hex, substr($$3, 7, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_PATCHLEVEL!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef"; \ - split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \ - } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = 16 * (index(hex, substr($$3, 8, 1)) - 1); \ - i += index(hex, substr($$3, 9, 1)) - 1; \ - if (i == 0) { \ - print ""; \ - } else if (i > 26) { \ - print "a"; \ - } else { \ - print alpha[i]; \ - } \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_VERSION= ${_OPENSSL_MAJOR}.${_OPENSSL_MINOR}.${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL} -_OPENSSL_PKG= openssl-${_OPENSSL_VERSION} -# -# If the built-in OpenSSL software is 0.9.6g, then check whether it -# contains the security fixes pulled up to netbsd-1-6 on 2003-11-07. -# If it does, then treat it as the equivalent of openssl-0.9.6l. This -# is not strictly true, but is good enough since the main differences -# between 0.9.6g and 0.9.6l are security fixes that NetBSD has already -# patched into its built-in OpenSSL software. -# -_OPENSSL_HAS_FIX!= \ - ${AWK} 'BEGIN { ans = "NO" } \ - /OPENSSL_HAS_20031107_FIX/ { ans = "YES" } \ - END { print ans; exit 0 } \ - ' ${_OPENSSL_OPENSSLV_H} -. if !empty(_OPENSSL_VERSION:M0\.9\.6g) && (${_OPENSSL_HAS_FIX} == "YES") -_OPENSSL_PKG= openssl-0.9.6l -. endif - -BUILDLINK_IS_BUILTIN.openssl?= YES -. for _depend_ in ${BUILDLINK_DEPENDS.openssl} -. if !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_IS_BUILTIN.openssl!= \ - if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKG}; then \ - ${ECHO} "YES"; \ - else \ - ${ECHO} "NO"; \ - fi -. endif -. endfor -. endif -. endif -MAKEFLAGS+= BUILDLINK_IS_BUILTIN.openssl=${BUILDLINK_IS_BUILTIN.openssl} -.endif - -.if !empty(BUILDLINK_CHECK_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -.endif - -.if !defined(BUILDLINK_USE_BUILTIN.openssl) -. if !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -. else -BUILDLINK_USE_BUILTIN.openssl= NO -. endif - -. if !empty(PREFER_NATIVE:M[yY][eE][sS]) && \ - !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -. endif -. if !empty(PREFER_PKGSRC:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= NO -. endif -. if !empty(PREFER_NATIVE:Mopenssl) && \ - !empty(BUILDLINK_IS_BUILTIN.openssl:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.openssl= YES -. endif -. if !empty(PREFER_PKGSRC:Mopenssl) -BUILDLINK_USE_BUILTIN.openssl= NO -. endif -.endif - -.if !defined(_NEED_NEWER_OPENSSL) -_NEED_NEWER_OPENSSL?= NO -. for _depend_ in ${BUILDLINK_DEPENDS.openssl} -. if !empty(_NEED_NEWER_OPENSSL:M[nN][oO]) -_NEED_NEWER_OPENSSL!= \ - if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKGSRC_PKGNAME}; then \ - ${ECHO} "NO"; \ - else \ - ${ECHO} "YES"; \ - fi -. endif -. endfor -MAKEFLAGS+= _NEED_NEWER_OPENSSL=${_NEED_NEWER_OPENSSL} -.endif - -.if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO]) && \ - (${_NEED_NEWER_OPENSSL} == "YES") -PKG_SKIP_REASON= "Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}" -.endif - -.if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO]) -. if !empty(BUILDLINK_DEPTH:M+) +.if !empty(BUILDLINK_DEPTH:M+) BUILDLINK_DEPENDS+= openssl -. if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS]) -BUILDLINK_DEPENDS+= rsaref -. endif -. endif .endif +BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Nopenssl} +BUILDLINK_PACKAGES+= openssl + .if !empty(OPENSSL_BUILDLINK3_MK:M+) -# +BUILDLINK_DEPENDS.openssl+= openssl>=0.9.6l +BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl + # Ensure that -lcrypt comes before -lcrypto when linking so that the # system crypt() routine is used. # @@ -176,22 +24,10 @@ BUILDLINK_TRANSFORM+= reorder:l:crypt:crypto SSLBASE= ${BUILDLINK_PREFIX.openssl} BUILD_DEFS+= SSLBASE -. if defined(PKG_SYSCONFDIR.openssl) -SSLCERTS= ${PKG_SYSCONFDIR.openssl}/certs -. elif ${OPSYS} == "NetBSD" -SSLCERTS= /etc/openssl/certs -. elif !empty(BUILDLINK_USE_BUILTIN.openssl:M[yY][eE][sS]) -SSLCERTS= /etc/ssl/certs # likely place where certs live -. else -SSLCERTS= ${PKG_SYSCONFBASEDIR}/openssl/certs -. endif -BUILD_DEFS+= SSLCERTS +.if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS]) +. include "../../security/rsaref/buildlink3.mk" +.endif -. if !empty(BUILDLINK_USE_BUILTIN.openssl:M[nN][oO]) -. if defined(USE_RSAREF2) && !empty(USE_RSAREF2:M[yY][eE][sS]) -. include "../../security/rsaref/buildlink3.mk" -. endif -. endif .endif # OPENSSL_BUILDLINK3_MK BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} diff --git a/security/openssl/builtin.mk b/security/openssl/builtin.mk new file mode 100644 index 00000000000..c347cf00069 --- /dev/null +++ b/security/openssl/builtin.mk @@ -0,0 +1,135 @@ +# $NetBSD: builtin.mk,v 1.1 2004/03/10 17:57:15 jlam Exp $ + +_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6l +_OPENSSL_OPENSSLV_H= /usr/include/openssl/opensslv.h + +.if !defined(IS_BUILTIN.openssl) +IS_BUILTIN.openssl= no +. if exists(${_OPENSSL_OPENSSLV_H}) +IS_BUILTIN.openssl= yes +# +# Create an appropriate name for the built-in package distributed +# with the system. This package name can be used to check against +# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc +# version or if the built-in one is sufficient. +# +_OPENSSL_MAJOR!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef" } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = index(hex, substr($$3, 3, 1)) - 1; \ + print i; \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_MINOR!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef" } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = 16 * (index(hex, substr($$3, 4, 1)) - 1); \ + i += index(hex, substr($$3, 5, 1)) - 1; \ + print i; \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_TEENY!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef" } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = 16 * (index(hex, substr($$3, 6, 1)) - 1); \ + i += index(hex, substr($$3, 7, 1)) - 1; \ + print i; \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_PATCHLEVEL!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef"; \ + split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \ + } \ + /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + i = 16 * (index(hex, substr($$3, 8, 1)) - 1); \ + i += index(hex, substr($$3, 9, 1)) - 1; \ + if (i == 0) { \ + print ""; \ + } else if (i > 26) { \ + print "a"; \ + } else { \ + print alpha[i]; \ + } \ + exit 0; \ + } \ + ' ${_OPENSSL_OPENSSLV_H} +_OPENSSL_VERSION= ${_OPENSSL_MAJOR}.${_OPENSSL_MINOR}.${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL} +BUILTIN_PKG.openssl= openssl-${_OPENSSL_VERSION} +# +# If the built-in OpenSSL software is 0.9.6g, then check whether it +# contains the security fixes pulled up to netbsd-1-6 on 2003-11-07. +# If it does, then treat it as the equivalent of openssl-0.9.6l. This +# is not strictly true, but is good enough since the main differences +# between 0.9.6g and 0.9.6l are security fixes that NetBSD has already +# patched into its built-in OpenSSL software. +# +_OPENSSL_HAS_FIX!= \ + ${AWK} 'BEGIN { ans = "no" } \ + /OPENSSL_HAS_20031107_FIX/ { ans = "yes" } \ + END { print ans; exit 0 } \ + ' ${_OPENSSL_OPENSSLV_H} +. if !empty(_OPENSSL_VERSION:M0\.9\.6g) && (${_OPENSSL_HAS_FIX} == "yes") +BUILTIN_PKG.openssl= openssl-0.9.6l +. endif +MAKEFLAGS+= BUILTIN_PKG.openssl=${BUILTIN_PKG.openssl} +. endif +MAKEFLAGS+= IS_BUILTIN.openssl=${IS_BUILTIN.openssl} +.endif + +CHECK_BUILTIN.openssl?= no +.if !empty(CHECK_BUILTIN.openssl:M[yY][eE][sS]) +USE_BUILTIN.openssl= yes +.endif + +.if !defined(USE_BUILTIN.openssl) +USE_BUILTIN.openssl?= ${IS_BUILTIN.openssl} + +. if defined(BUILTIN_PKG.openssl) +USE_BUILTIN.openssl= yes +. for _depend_ in ${BUILDLINK_DEPENDS.openssl} +. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +USE_BUILTIN.openssl!= \ + if ${PKG_ADMIN} pmatch '${_depend_}' ${BUILTIN_PKG.openssl}; then \ + ${ECHO} "yes"; \ + else \ + ${ECHO} "no"; \ + fi +. endif +. endfor +. endif +.endif # USE_BUILTIN.openssl + +.if !defined(_NEED_NEWER_OPENSSL) +_NEED_NEWER_OPENSSL?= no +. for _depend_ in ${BUILDLINK_DEPENDS.openssl} +. if !empty(_NEED_NEWER_OPENSSL:M[nN][oO]) +_NEED_NEWER_OPENSSL!= \ + if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKGSRC_PKGNAME}; then \ + ${ECHO} "no"; \ + else \ + ${ECHO} "yes"; \ + fi +. endif +. endfor +MAKEFLAGS+= _NEED_NEWER_OPENSSL=${_NEED_NEWER_OPENSSL} +.endif + +.if !empty(USE_BUILTIN.openssl:M[nN][oO]) && \ + !empty(_NEED_NEWER_OPENSSL:M[yY][eE][sS]) +PKG_SKIP_REASON= \ + "Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}" +.endif + +.if defined(PKG_SYSCONFDIR.openssl) +SSLCERTS= ${PKG_SYSCONFDIR.openssl}/certs +.elif ${OPSYS} == "NetBSD" +SSLCERTS= /etc/openssl/certs +.elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +SSLCERTS= /etc/ssl/certs # likely place where certs live +.else +SSLCERTS= ${PKG_SYSCONFBASEDIR}/openssl/certs +.endif +BUILD_DEFS+= SSLCERTS diff --git a/security/tcp_wrappers/buildlink3.mk b/security/tcp_wrappers/buildlink3.mk index b2f6e8f58d2..d2108db559e 100644 --- a/security/tcp_wrappers/buildlink3.mk +++ b/security/tcp_wrappers/buildlink3.mk @@ -1,41 +1,18 @@ -# $NetBSD: buildlink3.mk,v 1.5 2004/01/24 03:12:32 jlam Exp $ +# $NetBSD: buildlink3.mk,v 1.6 2004/03/10 17:57:15 jlam Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ TCP_WRAPPERS_BUILDLINK3_MK:= ${TCP_WRAPPERS_BUILDLINK3_MK}+ -.include "../../mk/bsd.prefs.mk" +.if !empty(BUILDLINK_DEPTH:M+) +BUILDLINK_DEPENDS+= tcp_wrappers +.endif + +BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Ntcp_wrappers} +BUILDLINK_PACKAGES+= tcp_wrappers .if !empty(TCP_WRAPPERS_BUILDLINK3_MK:M+) -BUILDLINK_PACKAGES+= tcp_wrappers BUILDLINK_DEPENDS.tcp_wrappers+= tcp_wrappers>=7.6.1nb1 BUILDLINK_PKGSRCDIR.tcp_wrappers?= ../../security/tcp_wrappers .endif # TCP_WRAPPERS_BUILDLINK3_MK -BUILDLINK_CHECK_BUILTIN.tcp_wrappers?= NO - -.if !defined(BUILDLINK_IS_BUILTIN.tcp_wrappers) -BUILDLINK_IS_BUILTIN.tcp_wrappers= NO -. if exists(/usr/include/tcpd.h) -BUILDLINK_IS_BUILTIN.tcp_wrappers= YES -. endif -.endif - -.if !empty(BUILDLINK_CHECK_BUILTIN.tcp_wrappers:M[yY][eE][sS]) -BUILDLINK_USE_BUILTIN.tcp_wrappers= YES -.endif - -.if !defined(BUILDLINK_USE_BUILTIN.tcp_wrappers) -. if !empty(BUILDLINK_IS_BUILTIN.tcp_wrappers:M[nN][oO]) -BUILDLINK_USE_BUILTIN.tcp_wrappers= NO -. else -BUILDLINK_USE_BUILTIN.tcp_wrappers= YES -. endif -.endif - -.if !empty(BUILDLINK_USE_BUILTIN.tcp_wrappers:M[nN][oO]) -. if !empty(BUILDLINK_DEPTH:M+) -BUILDLINK_DEPENDS+= tcp_wrappers -. endif -.endif - -BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} +BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//} diff --git a/security/tcp_wrappers/builtin.mk b/security/tcp_wrappers/builtin.mk new file mode 100644 index 00000000000..468cc9ec558 --- /dev/null +++ b/security/tcp_wrappers/builtin.mk @@ -0,0 +1,15 @@ +# $NetBSD: builtin.mk,v 1.1 2004/03/10 17:57:15 jlam Exp $ + +.if !defined(IS_BUILTIN.tcp_wrappers) +IS_BUILTIN.tcp_wrappers= no +. if exists(/usr/include/tcpd.h) +IS_BUILTIN.tcp_wrappers= yes +. endif +.endif + +CHECK_BUILTIN.tcp_wrappers?= no +.if !empty(CHECK_BUILTIN.tcp_wrappers:M[yY][eE][sS]) +USE_BUILTIN.tcp_wrappers= yes +.endif + +USE_BUILTIN.tcp_wrappers?= ${IS_BUILTIN.tcp_wrappers} |