mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
00147edd88
This release only contains bug fixes but no security-related fixes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
174 lines
5.4 KiB
Plaintext
174 lines
5.4 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
VER = 1.0.2l
|
|
|
|
THISAPP = openssl-$(VER)
|
|
DL_FILE = $(THISAPP).tar.gz
|
|
DL_FROM = $(URL_IPFIRE)
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
|
|
TARGET = $(DIR_INFO)/$(THISAPP)$(KCFG)
|
|
|
|
ifneq "$(KCFG)" "-sse2"
|
|
CFLAGS += -DPURIFY
|
|
else
|
|
CFLAGS =-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC
|
|
CFLAGS+= -fstack-protector-all --param=ssp-buffer-size=4
|
|
CFLAGS+= -march=i686 -mmmx -msse -msse2 -mfpmath=sse
|
|
CFLAGS+= -fomit-frame-pointer -DPURIFY
|
|
CXXFLAGS="${CFLAGS}"
|
|
endif
|
|
|
|
export RPM_OPT_FLAGS = $(CFLAGS)
|
|
|
|
CONFIGURE_OPTIONS = \
|
|
--prefix=/usr \
|
|
--openssldir=/etc/ssl \
|
|
--enginesdir=/usr/lib/openssl/engines \
|
|
shared \
|
|
zlib-dynamic \
|
|
enable-camellia \
|
|
enable-md2 \
|
|
disable-ssl2 \
|
|
enable-seed \
|
|
enable-tlsext \
|
|
enable-rfc3779 \
|
|
no-idea \
|
|
no-mdc2 \
|
|
no-rc5 \
|
|
no-srp \
|
|
-DSSL_FORBID_ENULL \
|
|
$(OPENSSL_ARCH)
|
|
|
|
ifeq "$(IS_64BIT)" "1"
|
|
OPENSSL_ARCH = linux-generic64
|
|
else
|
|
OPENSSL_ARCH = linux-generic32
|
|
endif
|
|
|
|
ifeq "$(BUILD_ARCH)" "aarch64"
|
|
OPENSSL_ARCH = linux-aarch64
|
|
endif
|
|
|
|
ifeq "$(BUILD_ARCH)" "x86_64"
|
|
OPENSSL_ARCH = linux-x86_64
|
|
endif
|
|
|
|
ifeq "$(BUILD_ARCH)" "i586"
|
|
OPENSSL_ARCH = linux-elf
|
|
|
|
ifneq "$(KCFG)" "-sse2"
|
|
OPENSSL_ARCH += no-sse2
|
|
endif
|
|
endif
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_MD5 = f85123cd390e864dfbe517e7616e6566
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
md5 : $(subst %,%_MD5,$(objects))
|
|
|
|
###############################################################################
|
|
# Downloading, checking, md5sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_MD5,$(objects)) :
|
|
@$(MD5)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
|
|
|
|
# i586 specific patches
|
|
ifeq "$(BUILD_ARCH)" "i586"
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_auto_enable_padlock.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
|
|
endif
|
|
|
|
# With openssl 1.0.2e, pod2mantest is missing
|
|
echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
|
|
chmod a+x $(DIR_APP)/util/pod2mantest
|
|
|
|
# Apply our CFLAGS
|
|
cd $(DIR_APP) && sed -i Configure \
|
|
-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
|
|
|
|
cd $(DIR_APP) && find crypto/ -name Makefile -exec \
|
|
sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
|
|
|
|
cd $(DIR_APP) && ./Configure $(CONFIGURE_OPTIONS)
|
|
|
|
cd $(DIR_APP) && make depend
|
|
cd $(DIR_APP) && make
|
|
|
|
ifeq "$(KCFG)" "-sse2"
|
|
-mkdir -pv /usr/lib/sse2
|
|
cd $(DIR_APP) && install -m 755 \
|
|
libcrypto.so.10 /usr/lib/sse2
|
|
else
|
|
# Install everything.
|
|
cd $(DIR_APP) && make install
|
|
install -m 0644 $(DIR_SRC)/config/ssl/openssl.cnf /etc/ssl
|
|
|
|
# Remove man pages.
|
|
-rm -vfr /etc/ssl/man
|
|
|
|
# Move engines to the right place.
|
|
-mkdir -pv /usr/lib/openssl
|
|
rm -vfr /usr/lib/openssl/engines
|
|
mv -v /usr/lib/engines /usr/lib/openssl
|
|
endif
|
|
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|