Date: Saturday, January 8, 2022 @ 20:59:14 Author: pierre Revision: 433976
Add OpenSSL 1.1 compatibility package Added: openssl-1.1/ openssl-1.1/repos/ openssl-1.1/trunk/ openssl-1.1/trunk/PKGBUILD openssl-1.1/trunk/ca-dir.patch --------------+ PKGBUILD | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ca-dir.patch | 31 ++++++++++++++++++++++ 2 files changed, 108 insertions(+) Added: openssl-1.1/trunk/PKGBUILD =================================================================== --- openssl-1.1/trunk/PKGBUILD (rev 0) +++ openssl-1.1/trunk/PKGBUILD 2022-01-08 20:59:14 UTC (rev 433976) @@ -0,0 +1,77 @@ +# Maintainer: Pierre Schmitz <pie...@archlinux.de> + +pkgname=openssl-1.1 +_pkgname=openssl +_ver=1.1.1m +# use a pacman compatible version scheme +pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} +pkgrel=1 +pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security' +arch=('x86_64') +url='https://www.openssl.org' +license=('custom:BSD') +depends=('glibc') +conflicts('openssl<3') +makedepends=('perl') +source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"{,.asc} + 'ca-dir.patch') +sha256sums=('f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96' + 'SKIP' + '75aa8c2c638c8a3ebfd9fa146fc61c7ff878fc997dc6aa10d39e4b2415d669b2') +validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491' + '7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C') + +prepare() { + cd "$srcdir/$_pkgname-$_ver" + + # set ca dir to /etc/ssl by default + patch -p0 -i "$srcdir/ca-dir.patch" +} + +build() { + cd "$srcdir/$_pkgname-$_ver" + + # mark stack as non-executable: http://bugs.archlinux.org/task/12434 + ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib/openssl-1.1 \ + shared no-ssl3-method enable-ec_nistp_64_gcc_128 linux-x86_64 \ + "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" + + make depend + make +} + +check() { + cd "$srcdir/$_pkgname-$_ver" + + # the test fails due to missing write permissions in /etc/ssl + # revert this patch for make test + patch -p0 -R -i "$srcdir/ca-dir.patch" + + make test + + patch -p0 -i "$srcdir/ca-dir.patch" + # re-run make to re-generate CA.pl from th patched .in file. + make apps/CA.pl +} + +package() { + cd "$srcdir/$_pkgname-$_ver" + + make DESTDIR="$pkgdir" install_sw + + # Move some files around + install -m755 -d "$pkgdir/usr/include/openssl-1.1" + mv "$pkgdir/usr/include/openssl" "$pkgdir/usr/include/openssl-1.1/" + mv "$pkgdir/usr/lib/openssl-1.1/libcrypto.so.1.1" "$pkgdir/usr/lib/" + mv "$pkgdir/usr/lib/openssl-1.1/libssl.so.1.1" "$pkgdir/usr/lib/" + ln -sf ../libssl.so.1.1 "$pkgdir/usr/lib/openssl-1.1/libssl.so" + ln -sf ../libcrypto.so.1.1 "$pkgdir/usr/lib/openssl-1.1/libcrypto.so" + mv "$pkgdir/usr/bin/openssl" "$pkgdir/usr/bin/openssl-1.1" + + # Update includedir in .pc files + sed -e 's|/include$|/include/openssl-1.1|' -i "$pkgdir"/usr/lib/openssl-1.1/pkgconfig/*.pc + + rm -rf "$pkgdir"/{etc,usr/bin/c_rehash} + + install -D -m644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" +} Added: openssl-1.1/trunk/ca-dir.patch =================================================================== --- openssl-1.1/trunk/ca-dir.patch (rev 0) +++ openssl-1.1/trunk/ca-dir.patch 2022-01-08 20:59:14 UTC (rev 433976) @@ -0,0 +1,31 @@ +--- apps/CA.pl.in 2019-09-10 15:13:07.000000000 +0200 ++++ apps/CA.pl.in 2019-10-06 09:34:23.960864556 +0200 +@@ -33,7 +33,7 @@ + my $PKCS12 = "$openssl pkcs12"; + + # default openssl.cnf file has setup as per the following +-my $CATOP = "./demoCA"; ++my $CATOP = "/etc/ssl"; + my $CAKEY = "cakey.pem"; + my $CAREQ = "careq.pem"; + my $CACERT = "cacert.pem"; +--- apps/openssl.cnf 2019-09-10 15:13:07.000000000 +0200 ++++ apps/openssl.cnf 2019-10-06 09:34:23.960864556 +0200 +@@ -42,7 +42,7 @@ + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/ssl # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. +@@ -325,7 +325,7 @@ + [ tsa_config1 ] + + # These are used by the TSA reply generation only. +-dir = ./demoCA # TSA root directory ++dir = /etc/ssl # TSA root directory + serial = $dir/tsaserial # The current serial number (mandatory) + crypto_device = builtin # OpenSSL engine to use for signing + signer_cert = $dir/tsacert.pem # The TSA signing certificate