[csw-devel] SF.net SVN: gar:[17957] csw/mgar/pkg/openssl1/trunk

chninkel at users.sourceforge.net chninkel at users.sourceforge.net
Sun May 6 16:11:50 CEST 2012 

Revision: 17957
          http://gar.svn.sourceforge.net/gar/?rev=17957&view=rev
Author:   chninkel
Date:     2012-05-06 14:11:49 +0000 (Sun, 06 May 2012)
Log Message:
-----------
openssl1/trunk: fixed pkcs11 patch and various paths, added patch to allow c_rehash to generate 0.9.8 certificate hashes

Modified Paths:
--------------
    csw/mgar/pkg/openssl1/trunk/Makefile
    csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30

Added Paths:
-----------
    csw/mgar/pkg/openssl1/trunk/files/c_rehash-compat.patch

Modified: csw/mgar/pkg/openssl1/trunk/Makefile
===================================================================
--- csw/mgar/pkg/openssl1/trunk/Makefile	2012-05-06 14:07:19 UTC (rev 17956)
+++ csw/mgar/pkg/openssl1/trunk/Makefile	2012-05-06 14:11:49 UTC (rev 17957)
@@ -44,34 +44,21 @@
 SPKG_DESC_CSWopenssl-utils = Openssl 1.0 binaries and related tools
 PKGFILES_CSWopenssl-utils = $(bindir)/[^/]* $(mandir)/man1/.* $(mandir)/man5/.* $(mandir)/man7/.* 
 PKGFILES_CSWopenssl-utils += $(prefix)/ssl/misc/.* 
-PKGFILES_CSWopenssl-utils += $(prefix)/etc/ssl/openssl\.cnf.*
+PKGFILES_CSWopenssl-utils += $(prefix)/ssl/openssl\.cnf.*
+PKGFILES_CSWopenssl-utils += $(sysconfdir)/ssl/openssl\.cnf.*
 PKGFILES_CSWopenssl-utils += $(docdir)/openssl_utils/.*
 
-PRESERVECONF = $(prefix)/etc/ssl/openssl.cnf
+PRESERVECONF = $(sysconfdir)/ssl/openssl.cnf
 
-# We use SUN perl, not the opencsw one
-#CHECKPKG_OVERRIDES_CSWopenssl-utils += missing-dependency|CSWperl
-
-# We ship the .a files in the devel package
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/libcrypto.a
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/libssl.a
-#ifeq ($(GARCH),sparc)
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/sparcv8plus+vis/libcrypto.a
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/sparcv8plus+vis/libssl.a
-#else
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/pentium_pro/libcrypto.a
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/pentium_pro/libssl.a
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/amd64/libcrypto.a
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += discouraged-path-in-pkgmap|/opt/csw/lib/amd64/libssl.a
-#endif
-#CHECKPKG_OVERRIDES_CSWlibssl-dev += surplus-dependency|CSWlibssl1-0-0
-
 # We do ship libcrypto in libssl package
-#CHECKPKG_OVERRIDES_CSWlibssl1-0-0 += shared-lib-pkgname-mismatch|file=opt/csw/lib/libcrypto.so.1.0.0|soname=libcrypto.so.1.0.0|pkgname=CSWlibssl1-0-0|expected=CSWlibcrypto1-0-0
-#CHECKPKG_OVERRIDES_CSWlibssl1-0-0 += shared-lib-pkgname-mismatch|file=opt/csw/lib/pentium_pro/libcrypto.so.1.0.0|soname=libcrypto.so.1.0.0|pkgname=CSWlibssl1-0-0|expected=CSWlibcrypto1-0-0
-#CHECKPKG_OVERRIDES_CSWlibssl1-0-0 += shared-lib-pkgname-mismatch|file=opt/csw/lib/amd64/libcrypto.so.1.0.0|soname=libcrypto.so.1.0.0|pkgname=CSWlibssl1-0-0|expected=CSWlibcrypto1-0-0
+CHECKPKG_OVERRIDES_CSWlibssl1-0-0 += shared-lib-pkgname-mismatch|file=opt/csw/lib/libcrypto.so.1.0.0|soname=libcrypto.so.1.0.0|pkgname=CSWlibssl1-0-0|expected=CSWlibcrypto1-0-0
+CHECKPKG_OVERRIDES_CSWlibssl1-0-0 += shared-lib-pkgname-mismatch|file=opt/csw/lib/sparcv8plus+vis/libcrypto.so.1.0.0|soname=libcrypto.so.1.0.0|pkgname=CSWlibssl1-0-0|expected=CSWlibcrypto1-0-0
+CHECKPKG_OVERRIDES_CSWlibssl1-0-0 += shared-lib-pkgname-mismatch|file=opt/csw/lib/sparcv9/libcrypto.so.1.0.0|soname=libcrypto.so.1.0.0|pkgname=CSWlibssl1-0-0|expected=CSWlibcrypto1-0-0
 
+# We use SUN perl, not the opencsw one
+CHECKPKG_OVERRIDES_CSWopenssl-utils += missing-dependency|CSWperl
 
+
 # References to default path in documentation files, can be safely ignored
 CHECKPKG_OVERRIDES_CSWlibssl-dev += file-with-bad-content|/usr/local|root/opt/csw/share/doc/libssl_dev/INSTALL
 CHECKPKG_OVERRIDES_CSWlibssl-dev += file-with-bad-content|/usr/local|root/opt/csw/share/doc/libssl_dev/CHANGES
@@ -114,6 +101,11 @@
 # (patchs taken from Debian Package)
 PATCHFILES += block_bad_certificates.patch
 
+# Add old-style certificates hash generation to maintain compatibilies
+# with gnutls and programs linked with openssl 0.9.8 
+# Patch taken from Debian
+PATCHFILES += c_rehash-compat.patch
+
 LICENSE = LICENSE
 
 ##### Build and installation information #####
@@ -141,7 +133,7 @@
 sparcv8plus+vis_OS_COMPILER	= solaris-sparcv9+vis-cc
 sparcv9_OS_COMPILER		= solaris64-sparcv9-cc
 
-CONFIGURE_ARGS = --prefix=$(prefix) --openssldir=$(prefix)/etc/ssl shared $($(ISA)_OS_COMPILER) --install_prefix=$(DESTDIR)
+CONFIGURE_ARGS = --prefix=$(prefix) shared $($(ISA)_OS_COMPILER) --install_prefix=$(DESTDIR)
 
 
 # support for pkcs11 engine http://blogs.sun.com/chichang1/entry/how_to_integrate_pkcs11_engine
@@ -178,20 +170,25 @@
 	@$(MAKECOOKIE)
 
 fix-paths:
-	gsed -i -e 's,/usr/local/ssl/lib,/opt/csw/etc/ssl,' $(PKGROOT)$(mandir)/man1/ca.1
-	gsed -i -e 's,/usr/local/ssl,/opt/csw/ssl,' $(PKGROOT)$(bindir)/c_rehash
+	gsed -i -e 's,/usr/local/ssl/lib,$(sysconfdir)/ssl,' $(PKGROOT)$(mandir)/man1/ca.1
+	gsed -i -e 's,/usr/local/ssl,$(prefix)/ssl,' $(PKGROOT)$(bindir)/c_rehash
 	@$(MAKECOOKIE)
 
-install-certs: 
-	[ ! -f $(PKGROOT)$(prefix)/ssl/openssl.cnf ] || \
-		ginstall -D $(PKGROOT)$(prefix)/ssl/openssl.cnf $(PKGROOT)$(sysconfdir)/ssl/openssl.cnf.CSW
-
+install-conf-misc: 
+	if [ -f $(PKGROOT)$(prefix)/ssl/openssl.cnf ]; then \
+		ginstall -d "$(PKGROOT)$(sysconfdir)/ssl"; \
+		mv "$(PKGROOT)$(prefix)/ssl/openssl.cnf" $(PKGROOT)$(sysconfdir)/ssl/openssl.cnf.CSW; \
+		ln -sf ../../..$(sysconfdir)/ssl/openssl.cnf $(PKGROOT)$(prefix)/ssl/openssl.cnf; \
+	fi	
+	[ ! -d "$(PKGROOT)$(sysconfdir)/ssl/misc" ] || \
+		mv "$(PKGROOT)$(sysconfdir)/ssl/misc" "$(PKGROOT)/$(prefix)/ssl/"
+		
 merge-doc:
 	for CATALOGNAME in $(foreach PKG, $(PACKAGES), $(call catalogname,$(PKG))); do \
 		ginstall -d $(PKGROOT)/$(docdir)/$$CATALOGNAME; \
-		(cd $(DOWNLOADDIR)/ && ginstall README.CSW changelog.CSW $(PKGROOT)/$(docdir)/$$CATALOGNAME/); \
-		(cd $(WORKSRC_FIRSTMOD)/ && ginstall $(DOCFILES) $(PKGROOT)/$(docdir)/$$CATALOGNAME/); \
+		(cd $(DOWNLOADDIR)/ && ginstall -m 0644 README.CSW changelog.CSW $(PKGROOT)/$(docdir)/$$CATALOGNAME/); \
+		(cd $(WORKSRC_FIRSTMOD)/ && ginstall -m 0644 $(DOCFILES) $(PKGROOT)/$(docdir)/$$CATALOGNAME/); \
 	done
 	@$(MAKECOOKIE)
 
-post-merge: merge-doc install-certs fix-paths
+post-merge: merge-doc install-conf-misc fix-paths

Added: csw/mgar/pkg/openssl1/trunk/files/c_rehash-compat.patch
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/c_rehash-compat.patch	                        (rev 0)
+++ csw/mgar/pkg/openssl1/trunk/files/c_rehash-compat.patch	2012-05-06 14:11:49 UTC (rev 17957)
@@ -0,0 +1,43 @@
+From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel at suse.de>
+Date: Wed, 21 Apr 2010 15:52:10 +0200
+Subject: [PATCH] also create old hash for compatibility
+
+---
+ tools/c_rehash.in |    8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+
+Index: openssl-1.0.0d/tools/c_rehash.in
+===================================================================
+--- openssl-1.0.0d.orig/tools/c_rehash.in	2011-04-13 20:41:28.000000000 +0000
++++ openssl-1.0.0d/tools/c_rehash.in	2011-04-13 20:41:28.000000000 +0000
+@@ -86,6 +86,7 @@
+ 			}
+ 		}
+ 		link_hash_cert($fname) if($cert);
++		link_hash_cert_old($fname) if($cert);
+ 		link_hash_crl($fname) if($crl);
+ 	}
+ }
+@@ -119,8 +120,9 @@
+ 
+ sub link_hash_cert {
+ 		my $fname = $_[0];
++		my $hashopt = $_[1] || '-subject_hash';
+ 		$fname =~ s/'/'\\''/g;
+-		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
++		my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+ 		chomp $hash;
+ 		chomp $fprint;
+ 		$fprint =~ s/^.*=//;
+@@ -150,6 +152,10 @@
+ 		$hashlist{$hash} = $fprint;
+ }
+ 
++sub link_hash_cert_old {
++		link_hash_cert($_[0], '-subject_hash_old');
++}
++
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+ 
+ sub link_hash_crl {

Modified: csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30	2012-05-06 14:07:19 UTC (rev 17956)
+++ csw/mgar/pkg/openssl1/trunk/files/pkcs11_engine-1.0.1b.patch.2012-04-30	2012-05-06 14:11:49 UTC (rev 17957)
@@ -276,16 +276,16 @@
 diff -uNr openssl-0.9.8o.orig//crypto/engine/eng_all.c openssl-0.9.8o//crypto/engine/eng_all.c
 --- openssl-0.9.8o.orig//crypto/engine/eng_all.c	2010-03-01 01:30:11.000000000 +0100
 +++ openssl-0.9.8o//crypto/engine/eng_all.c	2010-09-04 00:22:06.503582943 +0200
-@@ -110,6 +110,9 @@
- #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- 	ENGINE_load_capi();
+@@ -80,6 +80,9 @@
+ 	ENGINE_load_rdrand();
  #endif
+ 	ENGINE_load_dynamic();
 +#ifndef OPENSSL_NO_HW_PKCS11
 +	ENGINE_load_pk11();
 +#endif
- #endif
- 	}
- 
+ #ifndef OPENSSL_NO_STATIC_ENGINE
+ #ifndef OPENSSL_NO_HW
+ #ifndef OPENSSL_NO_HW_4758_CCA
 diff -uNr openssl-0.9.8o.orig//crypto/engine/engine.h openssl-0.9.8o//crypto/engine/engine.h
 --- openssl-0.9.8o.orig//crypto/engine/engine.h	2010-02-09 15:18:15.000000000 +0100
 +++ openssl-0.9.8o//crypto/engine/engine.h	2010-09-04 00:22:06.528927372 +0200

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the devel mailing list