diff options
Diffstat (limited to 'security/openssl/builtin.mk')
-rw-r--r-- | security/openssl/builtin.mk | 211 |
1 files changed, 92 insertions, 119 deletions
diff --git a/security/openssl/builtin.mk b/security/openssl/builtin.mk index 6d8fe6e0609..35a9f1ef9c4 100644 --- a/security/openssl/builtin.mk +++ b/security/openssl/builtin.mk @@ -1,172 +1,145 @@ -# $NetBSD: builtin.mk,v 1.12 2005/03/23 09:06:38 jlam Exp $ +# $NetBSD: builtin.mk,v 1.13 2005/06/01 18:03:21 jlam Exp $ -_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.7f -_OPENSSL_OPENSSLV_H= /usr/include/openssl/opensslv.h +BUILTIN_PKG:= openssl -.for _lib_ in des -. if !defined(_BLNK_LIB_FOUND.${_lib_}) -_BLNK_LIB_FOUND.${_lib_}!= \ - if ${TEST} "`${ECHO} /usr/lib/lib${_lib_}.*`" != "/usr/lib/lib${_lib_}.*"; then \ - ${ECHO} "yes"; \ - elif ${TEST} "`${ECHO} /lib/lib${_lib_}.*`" != "/lib/lib${_lib_}.*"; then \ - ${ECHO} "yes"; \ - else \ - ${ECHO} "no"; \ - fi -BUILDLINK_VARS+= _BLNK_LIB_FOUND.${_lib_} -. endif -.endfor -.undef _lib_ +BUILTIN_FIND_LIBS:= des +BUILTIN_FIND_FILES_VAR:= H_OPENSSL +BUILTIN_FIND_FILES.H_OPENSSL= /usr/include/openssl/opensslv.h + +.include "../../mk/buildlink3/bsd.builtin.mk" +### +### Determine if there is a built-in implementation of the package and +### set IS_BUILTIN.<pkg> appropriately ("yes" or "no"). +### .if !defined(IS_BUILTIN.openssl) IS_BUILTIN.openssl= no -. if exists(${_OPENSSL_OPENSSLV_H}) +. if empty(H_OPENSSL:M${LOCALBASE}/*) && exists(${H_OPENSSL}) IS_BUILTIN.openssl= yes -# -# Create an appropriate name for the built-in package distributed -# with the system. This package name can be used to check against -# BUILDLINK_DEPENDS.<pkg> to see if we need to install the pkgsrc -# version or if the built-in one is sufficient. -# -_OPENSSL_MAJOR!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ - i = index(hex, substr($$3, 3, 1)) - 1; \ - print i; \ - exit 0; \ +. endif +.endif +MAKEVARS+= IS_BUILTIN.openssl + +### +### If there is a built-in implementation, then set BUILTIN_PKG.<pkg> to +### a package name to represent the built-in package. +### +.if !defined(BUILTIN_PKG.openssl) && \ + !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) && \ + exists (${H_OPENSSL}) +BUILTIN_VERSION.openssl!= \ + ${AWK} 'BEGIN { hex="0123456789abcdef"; \ + split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \ } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_MINOR!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + major = index(hex, substr($$3, 3, 1)) - 1; \ i = 16 * (index(hex, substr($$3, 4, 1)) - 1); \ i += index(hex, substr($$3, 5, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_TEENY!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef" } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + minor = "."i; \ i = 16 * (index(hex, substr($$3, 6, 1)) - 1); \ i += index(hex, substr($$3, 7, 1)) - 1; \ - print i; \ - exit 0; \ - } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_PATCHLEVEL!= \ - ${AWK} 'BEGIN { hex="0123456789abcdef"; \ - split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \ - } \ - /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \ + teeny = "."i; \ i = 16 * (index(hex, substr($$3, 8, 1)) - 1); \ i += index(hex, substr($$3, 9, 1)) - 1; \ if (i == 0) { \ - print ""; \ + patchlevel = ""; \ } else if (i > 26) { \ - print "a"; \ + patchlevel = "a"; \ } else { \ - print alpha[i]; \ + patchlevel = alpha[i]; \ } \ + printf "%s%s%s%s\n", \ + major, minor, teeny, patchlevel; \ exit 0; \ } \ - ' ${_OPENSSL_OPENSSLV_H} -_OPENSSL_VERSION= ${_OPENSSL_MAJOR}.${_OPENSSL_MINOR}.${_OPENSSL_TEENY}${_OPENSSL_PATCHLEVEL} -BUILTIN_PKG.openssl= openssl-${_OPENSSL_VERSION} -. if !empty(_OPENSSL_VERSION:M0\.9\.6g) + ' ${H_OPENSSL} + +. if !empty(BUILTIN_VERSION.openssl:M0\.9\.6g) && \ + exists(${H_OPENSSL}) # # If the native OpenSSL contains the security fixes pulled up to the # netbsd-1-6 branch on 2003-11-07, then pretend it's openssl-0.9.6l. # -_OPENSSL_HAS_20031107_FIX!= \ +BUILTIN_OPENSSL_HAS_20031107_FIX!= \ ${AWK} 'BEGIN { ans = "no" } \ /OPENSSL_HAS_20031107_FIX/ { ans = "yes" } \ END { print ans; exit 0 } \ - ' ${_OPENSSL_OPENSSLV_H} -. if !empty(_OPENSSL_HAS_20031107_FIX:M[yY][eE][sS]) -BUILTIN_PKG.openssl= openssl-0.9.6l -. endif + ' ${H_OPENSSL} +. if !empty(BUILTIN_OPENSSL_HAS_20031107_FIX:M[yY][eE][sS]) +BUILTIN_VERSION.openssl= 0.9.6l +. endif # # If the native OpenSSL contains the security fixes pulled up to the # netbsd-1-6 branch on 2004-04-01, then pretend it's openssl-0.9.6m. # -_OPENSSL_HAS_20040401_FIX!= \ +BUILTIN_OPENSSL_HAS_20040401_FIX!= \ ${AWK} 'BEGIN { ans = "no" } \ /OPENSSL_HAS_20040401_FIX/ { ans = "yes" } \ END { print ans; exit 0 } \ - ' ${_OPENSSL_OPENSSLV_H} -. if !empty(_OPENSSL_HAS_20040401_FIX:M[yY][eE][sS]) -BUILTIN_PKG.openssl= openssl-0.9.6m -. endif + ' ${H_OPENSSL} +. if !empty(BUILTIN_OPENSSL_HAS_20040401_FIX:M[yY][eE][sS]) +BUILTIN_VERSION.openssl= -0.9.6m . endif -BUILDLINK_VARS+= BUILTIN_PKG.openssl . endif -BUILDLINK_VARS+= IS_BUILTIN.openssl -.endif # IS_BUILTIN.openssl +BUILTIN_PKG.openssl= openssl-${BUILTIN_VERSION.openssl} +.endif +MAKEVARS+= BUILTIN_PKG.openssl +### +### Determine whether we should use the built-in implementation if it +### exists, and set USE_BUILTIN.<pkg> appropriate ("yes" or "no"). +### .if !defined(USE_BUILTIN.openssl) -USE_BUILTIN.openssl?= ${IS_BUILTIN.openssl} - -. if defined(BUILTIN_PKG.openssl) +. if ${PREFER.openssl} == "pkgsrc" +USE_BUILTIN.openssl= ${IS_BUILTIN.openssl} +. else +USE_BUILTIN.openssl= ${IS_BUILTIN.openssl} +. if defined(BUILTIN_PKG.openssl) && \ + !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) USE_BUILTIN.openssl= yes -. for _depend_ in ${BUILDLINK_DEPENDS.openssl} -. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) -USE_BUILTIN.openssl!= \ - if ${PKG_ADMIN} pmatch '${_depend_}' ${BUILTIN_PKG.openssl}; then \ - ${ECHO} "yes"; \ - else \ - ${ECHO} "no"; \ - fi -. endif -. endfor -. endif -.endif # USE_BUILTIN.openssl - -CHECK_BUILTIN.openssl?= no -.if !empty(CHECK_BUILTIN.openssl:M[nN][oO]) - -.if !defined(_NEED_NEWER_OPENSSL) -_NEED_NEWER_OPENSSL?= no -. for _depend_ in ${BUILDLINK_DEPENDS.openssl} -. if !empty(_NEED_NEWER_OPENSSL:M[nN][oO]) -_NEED_NEWER_OPENSSL!= \ - if ${PKG_ADMIN} pmatch '${_depend_}' ${_OPENSSL_PKGSRC_PKGNAME}; then \ - ${ECHO} "no"; \ +. for _dep_ in ${BUILDLINK_DEPENDS.openssl} +. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +USE_BUILTIN.openssl!= \ + if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.openssl:Q}; then \ + ${ECHO} yes; \ else \ - ${ECHO} "yes"; \ + ${ECHO} no; \ fi +. endif +. endfor . endif -. endfor -BUILDLINK_VARS+= _NEED_NEWER_OPENSSL +. endif # PREFER.openssl .endif +MAKEVARS+= USE_BUILTIN.openssl -.if !empty(USE_BUILTIN.openssl:M[nN][oO]) && \ - !empty(_NEED_NEWER_OPENSSL:M[yY][eE][sS]) -PKG_SKIP_REASON= \ - "Unable to satisfy dependency: ${BUILDLINK_DEPENDS.openssl}" -.endif +### +### The section below only applies if we are not including this file +### solely to determine whether a built-in implementation exists. +### +CHECK_BUILTIN.openssl?= no +.if !empty(CHECK_BUILTIN.openssl:M[nN][oO]) -.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) BUILDLINK_PREFIX.openssl= /usr -.endif +. endif # By default, we don't bother with the old DES API. USE_OLD_DES_API?= no -.if !empty(USE_OLD_DES_API:M[yY][eE][sS]) +. if !empty(USE_OLD_DES_API:M[yY][eE][sS]) # # If we're using the old DES API, then check to see if the old DES # code was factored out into a separate library and header files and # no longer a part of libcrypto. # -. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) -. if exists(${BUILDLINK_PREFIX.openssl}/include/des.h) && \ - !empty(_BLNK_LIB_FOUND.des:M[yY][eE][sS]) +. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +. if exists(${BUILDLINK_PREFIX.openssl}/include/des.h) && \ + !empty(BUILTIN_LIB_FOUND.des:M[yY][eE][sS]) BUILDLINK_TRANSFORM+= l:crypto:des:crypto WRAPPER_REORDER_CMDS+= reorder:l:des:crypto +. endif . endif -. endif -# The idea is to prevent needing to patch source files for packages that +# The idea is to avoid the need to patch source files for packages that # use OpenSSL for DES support by ensuring that including <openssl/des.h> # will always present the old DES API. # @@ -182,7 +155,7 @@ WRAPPER_REORDER_CMDS+= reorder:l:des:crypto # system one and <des.h>. # BUILDLINK_TARGETS+= buildlink-openssl-des-h -. if !target(buildlink-openssl-des-h) +. if !target(buildlink-openssl-des-h) .PHONY: buildlink-openssl-des-h buildlink-openssl-des-h: ${_PKG_SILENT}${_PKG_DEBUG} \ @@ -209,22 +182,22 @@ buildlink-openssl-des-h: ${ECHO} "Unable to find headers for old DES API."; \ exit 1; \ fi -. endif -.endif # USE_OLD_DES_API == yes +. endif +. endif # USE_OLD_DES_API == yes -.if defined(PKG_SYSCONFDIR.openssl) +. if defined(PKG_SYSCONFDIR.openssl) SSLCERTS= ${PKG_SYSCONFDIR.openssl}/certs SSLKEYS= ${PKG_SYSCONFDIR.openssl}/private -.elif ${OPSYS} == "NetBSD" +. elif ${OPSYS} == "NetBSD" SSLCERTS= /etc/openssl/certs SSLKEYS= /etc/openssl/private -.elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +. elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) SSLCERTS= /etc/ssl/certs # likely place where certs live SSLKEYS= /etc/ssl/private # likely place where private keys live -.else +. else SSLCERTS= ${PKG_SYSCONFBASEDIR}/openssl/certs SSLKEYS= ${PKG_SYSCONFBASEDIR}/openssl/private -.endif +. endif BUILD_DEFS+= SSLCERTS SSLKEYS .endif # CHECK_BUILTIN.openssl |