security/openssl-chelsio/Makefile
- This file was added.
Property | Old Value | New Value |
---|---|---|
svn:eol-style | null | native \ No newline at end of property |
svn:keywords | null | FreeBSD=%H \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
# Created by: Dirk Froemberg <dirk@FreeBSD.org> | |||||
# $FreeBSD$ | |||||
PORTNAME= openssl | |||||
DISTVERSION= 1.1.1 | |||||
PORTREVISION= 3 | |||||
CATEGORIES= security devel | |||||
brnrd: Appears before DIST_SUBDIR but after MASTER_SITES
MASTER_SITES= https://www.openssl.org/source/ \ | |||||
ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ | |||||
PKGNAMESUFFIX= -chelsio | |||||
MAINTAINER= jhb@FreeBSD.org | |||||
COMMENT= TLSv1.3 capable SSL and crypto library supporting Chelsio TLS offload | |||||
LICENSE= OpenSSL | |||||
LICENSE_FILE= ${WRKSRC}/LICENSE | |||||
HAS_CONFIGURE= yes | |||||
CONFIGURE_SCRIPT= config | |||||
brnrd (Done): Doesn't conflict with any of these ports at the moment... Can coexist with the regular ports.
CONFIGURE_ENV= PERL="${PERL}" | |||||
CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} | |||||
CONFIGURE_ARGS+= --prefix=${PREFIX}/openssl-chelsio | |||||
USES= cpe perl5 | |||||
USE_PERL5= build | |||||
TEST_TARGET= test | |||||
LDFLAGS_i386= -Wl,-znotext | |||||
#LDFLAGS= ${LDFLAGS_${ARCH}} | |||||
MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" | |||||
MAKE_ENV+= LIBRPATH="${PREFIX}/openssl-chelsio/lib" GREP_OPTIONS= | |||||
MAKE_ENV+= SHLIBVER=${OPENSSL_SHLIBVER} | |||||
OPTIONS_GROUP= CIPHERS HASHES OPTIMIZE PROTOCOLS | |||||
OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM2 SM3 SM4 RC2 RC4 RC5 | |||||
OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 | |||||
OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS | |||||
OPTIONS_DEFINE_i386= I386 | |||||
OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 | |||||
OPTIONS_DEFINE= ASYNC CT RFC3779 ZLIB | |||||
OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC MD4 NEXTPROTONEG RC2 RC4 \ | |||||
RMD160 SCTP SSE2 THREADS TLS1 TLS1_1 TLS1_2 | |||||
OPTIONS_GROUP_OPTIMIZE_amd64= EC | |||||
.if ${MACHINE_ARCH} == "amd64" | |||||
OPTIONS_GROUP_OPTIMIZE+= EC | |||||
.elif ${MACHINE_ARCH} == "mips64el" | |||||
OPTIONS_GROUP_OPTIMIZE+= EC | |||||
.endif | |||||
OPTIONS_SUB= yes | |||||
ARIA_DESC= ARIA (South Korean standard) | |||||
ASM_DESC= Assembler code | |||||
ASYNC_DESC= Asynchronous mode | |||||
CIPHERS_DESC= Block Cipher Support | |||||
CT_DESC= Certificate Transparency Support | |||||
DES_DESC= (Triple) Data Encryption Standard | |||||
EC_DESC= Optimize NIST elliptic curves | |||||
GOST_DESC= GOST (Russian standard) | |||||
HASHES_DESC= Hash Function Support | |||||
I386_DESC= i386 (instead of i486+) | |||||
IDEA_DESC= International Data Encryption Algorithm | |||||
MD2_DESC= MD2 (obsolete) | |||||
MD4_DESC= MD4 (unsafe) | |||||
MDC2_DESC= MDC-2 (patented, requires DES) | |||||
NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) | |||||
OPTIMIZE_DESC= Optimizations | |||||
PROTOCOLS_DESC= Protocol Support | |||||
RC2_DESC= RC2 (unsafe) | |||||
RC4_DESC= RC4 (unsafe) | |||||
RC5_DESC= RC5 (patented) | |||||
RMD160_DESC= RIPEMD-160 | |||||
RFC3779_DESC= RFC3779 support (BGP) | |||||
SCTP_DESC= SCTP (Stream Control Transmission) | |||||
SM2_DESC= SM2 (Chinese standard) | |||||
SM3_DESC= SM3 (Chinese standard) | |||||
SM4_DESC= SM4 (Chinese standard) | |||||
SSE2_DESC= Runtime SSE2 detection | |||||
SSL3_DESC= SSLv3 (unsafe) | |||||
TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) | |||||
TLS1_1_DESC= TLSv1.1 (requires TLS1_2) | |||||
TLS1_2_DESC= TLSv1.2 | |||||
ZLIB_DESC= zlib compression support | |||||
# Upstream default disabled options | |||||
.for _option in md2 rc5 sctp ssl3 zlib | |||||
${_option:tu}_CONFIGURE_ON= enable-${_option} | |||||
.endfor | |||||
# Upstream default enabled options | |||||
.for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg \ | |||||
rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2 | |||||
${_option:tu}_CONFIGURE_OFF= no-${_option} | |||||
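Review bot: OPTIONS_DEFAULT turns on MD4, RC2 and RC4, which this Makefile's own *_DESC lines label "(unsafe)", along with DES, TLS1 and TLS1_1. For a library meant as an alternate runtime for TLS offload, consider keeping TLS1_2 in the defaults and leaving the legacy ciphers, hashes and protocol versions as opt-in. Separately, EC is added to OPTIONS_GROUP_OPTIMIZE on amd64 twice, once by OPTIONS_GROUP_OPTIMIZE_amd64 and again by the .if ${MACHINE_ARCH} block; one mechanism is enough.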
brnrd (Not Done): Still overwrites base? And I don't see it used in pkg-plist. Am I missing something?
jhb (Not Done): It does not overwrite base, and it no longer tries to use config files from base. Given that, I've installed a sample config file like the normal port in ${PREFIX}/openssl-chelsio/
.endfor | |||||
MDC2_IMPLIES= DES | |||||
TLS1_IMPLIES= TLS1_1 | |||||
brnrd (Done): Will remove this from the regular port. Relics from the past 😄
TLS1_1_IMPLIES= TLS1_2 | |||||
EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 | |||||
I386_CONFIGURE_ON= 386 | |||||
brnrd (Done): Port, so belongs in ${PREFIX}/etc
jhb (Not Done): I had done this on purpose to try to be a transparent plugin for the base OpenSSL, but I guess it's fine to do. I should probably install a sample config file as well in that case.
SSL3_CONFIGURE_ON+= enable-ssl3-method | |||||
ZLIB_CONFIGURE_ON= zlib-dynamic | |||||
.include <bsd.port.pre.mk> | |||||
brnrd (Done): Should also mention that this is in 12.x (-STABLE) at the moment?
.if ${PREFIX} == /usr | |||||
IGNORE= the OpenSSL port can not be installed over the base version | |||||
.endif | |||||
OPENSSLDIR= ${PREFIX}/openssl-chelsio | |||||
PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} | |||||
PLIST_SUB+= SHLIBVER=${OPENSSL_SHLIBVER} | |||||
CFLAGS+= -DCHELSIO_TLS_OFFLOAD -g | |||||
.include "version.mk" | |||||
.if ${PORT_OPTIONS:MASM} | |||||
BROKEN_sparc64= option ASM generates illegal instructions | |||||
.endif | |||||
post-patch: | |||||
${REINPLACE_CMD} \ | |||||
-e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \ | |||||
-e 's| install_html_docs$$||' \ | |||||
-e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \ | |||||
${WRKSRC}/Configurations/unix-Makefile.tmpl | |||||
${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Configurations/shared-info.pl | |||||
post-configure: | |||||
${REINPLACE_CMD} \ | |||||
-e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \ | |||||
${WRKSRC}/Makefile | |||||
brnrd (Not Done): Can't this just be a regular patch? That would require patching the extra-patch-chssl file...
jhb (Not Done): I did it this way so I could easily generate it from the patches I currently have (which are against the base OpenSSL in FreeBSD and a FreeBSD tree rather than against an OpenSSL tree). I could change it though.
${REINPLACE_CMD} \ | |||||
-e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \ | |||||
${WRKSRC}/include/openssl/opensslv.h | |||||
do-install: | |||||
${MKDIR} ${STAGEDIR}${PREFIX}/openssl-chelsio/lib/engines-1.1 | |||||
.for i in libcrypto libssl | |||||
${INSTALL_DATA} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/openssl-chelsio/lib | |||||
# ${STRIP_CMD} ${STAGEDIR}${PREFIX}/openssl-chelsio/lib/$i.so.${OPENSSL_SHLIBVER} | |||||
.endfor | |||||
.for i in capi padlock | |||||
${INSTALL_DATA} ${WRKSRC}/engines/${i}.so ${STAGEDIR}${PREFIX}/openssl-chelsio/lib/engines-1.1 | |||||
${STRIP_CMD} ${STAGEDIR}${PREFIX}/openssl-chelsio/lib/engines-1.1/${i}.so | |||||
.endfor | |||||
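Review bot: in do-install the ${STRIP_CMD} line for libcrypto/libssl is commented out while the capi and padlock engines are still stripped, and CFLAGS adds -g unconditionally, so every build ships the two libraries with debug symbols. If that is only for development, drop -g and restore the strip before commit; if it is intended, say so in a comment next to the CFLAGS line, or leave both to the framework's WITH_DEBUG knob.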
brnrd (Not Done): Shouldn't this go into `${PREFIX}/openssl-chelsio/libdata`?
jhb (Not Done): Hmm, this matches what openssl-unsafe does, but I'm not sure if we want pkgconfig data for this package anyway since it's only intended to be used as an alternate runtime library?
${MKDIR} ${STAGEDIR}${OPENSSLDIR}/private | |||||
${MKDIR} ${STAGEDIR}${OPENSSLDIR}/certs | |||||
${INSTALL_DATA} ${WRKSRC}/apps/openssl.cnf ${STAGEDIR}${OPENSSLDIR}/openssl.cnf.dist | |||||
${INSTALL_DATA} ${WRKSRC}/apps/ct_log_list.cnf ${STAGEDIR}${OPENSSLDIR}/ct_log_list.cnf.dist | |||||
.include <bsd.port.post.mk> | |||||
brnrd (Not Done): Does this use standard libcrypto from base or the port? Sounds like a dangerous thing to do...
jhb (Not Done): From base, but I could change it back to shipping a libcrypto.so.