security/openssl/builtin.mk

   1 # $NetBSD: builtin.mk,v 1.30 2011/10/04 14:15:35 hans Exp $
   2
   3 BUILTIN_PKG:=   openssl
   4
   5 BUILTIN_FIND_LIBS:=             des
   6 BUILTIN_FIND_FILES_VAR:=        H_OPENSSLCONF H_OPENSSLV
   7 BUILTIN_FIND_FILES.H_OPENSSLCONF= /usr/include/openssl/opensslconf.h \
   8                                 /usr/sfw/include/openssl/opensslconf.h \
   9                                 /boot/common/include/openssl/opensslconf.h
  10 BUILTIN_FIND_FILES.H_OPENSSLV=  /usr/include/openssl/opensslv.h \
  11                                 /usr/sfw/include/openssl/opensslv.h \
  12                                 /boot/common/include/openssl/opensslv.h
  13
  14 .include "../../mk/buildlink3/bsd.builtin.mk"
  15
  16 ###
  17 ### Determine if there is a built-in implementation of the package and
  18 ### set IS_BUILTIN.<pkg> appropriately ("yes" or "no").
  19 ###
  20 .if !defined(IS_BUILTIN.openssl)
  21 IS_BUILTIN.openssl=     no
  22 .  if empty(H_OPENSSLV:M__nonexistent__) && empty(H_OPENSSLV:M${LOCALBASE}/*)
  23 IS_BUILTIN.openssl=     yes
  24 .  endif
  25 .endif
  26 MAKEVARS+=      IS_BUILTIN.openssl
  27
  28 ###
  29 ### If there is a built-in implementation, then set BUILTIN_PKG.<pkg> to
  30 ### a package name to represent the built-in package.
  31 ###
  32 .if !defined(BUILTIN_PKG.openssl) && \
  33     !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) && \
  34     empty(H_OPENSSLV:M__nonexistent__)
  35 BUILTIN_VERSION.openssl!=                                               \
  36         ${AWK} 'BEGIN { hex="0123456789abcdef";                         \
  37                         split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \
  38                 }                                                       \
  39                 /\#define[      ]*OPENSSL_VERSION_NUMBER/ {             \
  40                         major = index(hex, substr($$3, 3, 1)) - 1;      \
  41                         i = 16 * (index(hex, substr($$3, 4, 1)) - 1);   \
  42                         i += index(hex, substr($$3, 5, 1)) - 1;         \
  43                         minor = "."i;                                   \
  44                         i = 16 * (index(hex, substr($$3, 6, 1)) - 1);   \
  45                         i += index(hex, substr($$3, 7, 1)) - 1;         \
  46                         teeny = "."i;                                   \
  47                         i = 16 * (index(hex, substr($$3, 8, 1)) - 1);   \
  48                         i += index(hex, substr($$3, 9, 1)) - 1;         \
  49                         if (i == 0) {                                   \
  50                                 patchlevel = "";                        \
  51                         } else if (i > 26) {                            \
  52                                 patchlevel = "a";                       \
  53                         } else {                                        \
  54                                 patchlevel = alpha[i];                  \
  55                         }                                               \
  56                         printf "%s%s%s%s\n",                            \
  57                                 major, minor, teeny, patchlevel;        \
  58                         exit 0;                                         \
  59                 }                                                       \
  60         ' ${H_OPENSSLV}
  61
  62 .  if !empty(BUILTIN_VERSION.openssl:M0\.9\.6g) && \
  63       empty(H_OPENSSLV:M__nonexistent__)
  64 #
  65 # If the native OpenSSL contains the security fixes pulled up to the
  66 # netbsd-1-6 branch on 2003-11-07, then pretend it's openssl-0.9.6l.
  67 #
  68 BUILTIN_OPENSSL_HAS_20031107_FIX!=                                      \
  69         ${AWK} 'BEGIN { ans = "no" }                                    \
  70                 /OPENSSL_HAS_20031107_FIX/ { ans = "yes" }              \
  71                 END { print ans; exit 0 }                               \
  72         ' ${H_OPENSSLV}
  73 .    if !empty(BUILTIN_OPENSSL_HAS_20031107_FIX:M[yY][eE][sS])
  74 BUILTIN_VERSION.openssl=        0.9.6l
  75 .    endif
  76 #
  77 # If the native OpenSSL contains the security fixes pulled up to the
  78 # netbsd-1-6 branch on 2004-04-01, then pretend it's openssl-0.9.6m.
  79 #
  80 BUILTIN_OPENSSL_HAS_20040401_FIX!=                                      \
  81         ${AWK} 'BEGIN { ans = "no" }                                    \
  82                 /OPENSSL_HAS_20040401_FIX/ { ans = "yes" }              \
  83                 END { print ans; exit 0 }                               \
  84         ' ${H_OPENSSLV}
  85 .    if !empty(BUILTIN_OPENSSL_HAS_20040401_FIX:M[yY][eE][sS])
  86 BUILTIN_VERSION.openssl=        0.9.6m
  87 .    endif
  88 .  elif !empty(BUILTIN_VERSION.openssl:M0\.9\.7d) && \
  89         empty(H_OPENSSLV:M__nonexistent__)
  90 #
  91 # If the native OpenSSL contains the security fixes pulled up to the
  92 # netbsd-2-0, netbsd-2, and netbsd-3-0 branches on 2005-10-11, then
  93 # pretend it's openssl-0.9.7h.
  94 #
  95 BUILTIN_OPENSSL_HAS_20051011_FIX!=                                      \
  96         ${AWK} 'BEGIN { ans = "no" }                                    \
  97                 /OPENSSL_HAS_20051011_FIX/ { ans = "yes" }              \
  98                 END { print ans; exit 0 }                               \
  99         ' ${H_OPENSSLV}
 100 .    if !empty(BUILTIN_OPENSSL_HAS_20051011_FIX:M[yY][eE][sS])
 101 BUILTIN_VERSION.openssl=        0.9.7h
 102 .    endif
 103 .  endif
 104 BUILTIN_PKG.openssl=    openssl-${BUILTIN_VERSION.openssl}
 105 .endif
 106 MAKEVARS+=      BUILTIN_PKG.openssl
 107 MAKEVARS+=      BUILTIN_VERSION.openssl
 108
 109 .if !defined(BUILTIN_OPENSSL_HAS_THREADS) && \
 110     !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) && \
 111     empty(H_OPENSSLCONF:M__nonexistent__)
 112 BUILTIN_OPENSSL_HAS_THREADS!=                                           \
 113         ${AWK} 'BEGIN { ans = "no" }                                    \
 114                 /\#[    ]*define[       ]*OPENSSL_THREADS/ { ans= "yes" } \
 115                 /\#[    ]*define[       ]*THREADS/ { ans = "yes" }      \
 116                 END { print ans; exit 0 }                               \
 117         ' ${H_OPENSSLCONF:Q}
 118 .endif
 119 MAKEVARS+=      BUILTIN_OPENSSL_HAS_THREADS
 120
 121 ###
 122 ### Determine whether we should use the built-in implementation if it
 123 ### exists, and set USE_BUILTIN.<pkg> appropriate ("yes" or "no").
 124 ###
 125 .if !defined(USE_BUILTIN.openssl)
 126 .  if ${PREFER.openssl} == "pkgsrc"
 127 USE_BUILTIN.openssl=    no
 128 .  else
 129 USE_BUILTIN.openssl=    ${IS_BUILTIN.openssl}
 130 .    if defined(BUILTIN_PKG.openssl) && \
 131         !empty(IS_BUILTIN.openssl:M[yY][eE][sS])
 132 USE_BUILTIN.openssl=    yes
 133 .      for dep_ in ${BUILDLINK_API_DEPENDS.openssl}
 134 .        if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 135 USE_BUILTIN.openssl!=                                                   \
 136         if ${PKG_ADMIN} pmatch ${dep_:Q} ${BUILTIN_PKG.openssl:Q}; then \
 137                 ${ECHO} yes;                                            \
 138         else                                                            \
 139                 ${ECHO} no;                                             \
 140         fi
 141 .        endif
 142 .      endfor
 143 .    endif
 144 .    if !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) && \
 145         defined(USE_FEATURES.openssl)
 146 .      if !empty(USE_FEATURES.openssl:Mthreads) && \
 147           !empty(BUILTIN_OPENSSL_HAS_THREADS:M[nN][oO])
 148 USE_BUILTIN.openssl=    no
 149 .      endif
 150 .    endif
 151 .  endif  # PREFER.openssl
 152 .endif
 153 MAKEVARS+=      USE_BUILTIN.openssl
 154
 155 ###
 156 ### The section below only applies if we are not including this file
 157 ### solely to determine whether a built-in implementation exists.
 158 ###
 159 CHECK_BUILTIN.openssl?= no
 160 .if !empty(CHECK_BUILTIN.openssl:M[nN][oO])
 161
 162 .  if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 163 .    if empty(H_OPENSSLV:M__nonexistent__)
 164 .      if !empty(H_OPENSSLV:M/usr/sfw/*)
 165 BUILDLINK_PREFIX.openssl=       /usr/sfw
 166 BUILDLINK_PASSTHRU_DIRS+=       /usr/sfw
 167 .      elif !empty(H_OPENSSLV:M/usr/*)
 168 BUILDLINK_PREFIX.openssl=       /usr
 169 .      elif !empty(H_OPENSSLV:M/boot/common/*)
 170 BUILDLINK_PREFIX.openssl=       /boot/common
 171 .      endif
 172 .    endif
 173 .  endif
 174
 175 # By default, we don't bother with the old DES API.
 176 USE_OLD_DES_API?=       no
 177 .  if !empty(USE_OLD_DES_API:M[yY][eE][sS])
 178 #
 179 # If we're using the old DES API, then check to see if the old DES
 180 # code was factored out into a separate library and header files and
 181 # no longer a part of libcrypto.
 182 #
 183 .    if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 184 .      if exists(${BUILDLINK_PREFIX.openssl}/include/des.h) && \
 185           !empty(BUILTIN_LIB_FOUND.des:M[yY][eE][sS])
 186 BUILDLINK_TRANSFORM+=   l:crypto:des:crypto
 187 WRAPPER_REORDER_CMDS+=  reorder:l:des:crypto
 188 .      endif
 189 .    endif
 190
 191 # The idea is to avoid the need to patch source files for packages that
 192 # use OpenSSL for DES support by ensuring that including <openssl/des.h>
 193 # will always present the old DES API.
 194 #
 195 # (1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and
 196 #     <openssl/des.h> already does the right thing.
 197 #
 198 # (2) If des_old.h doesn't exist, then one of two things is happening:
 199 #     (a) If <openssl/des.h> is old and (only) supports the old DES API,
 200 #         then <openssl/des.h> does the right thing.
 201 #     (b) If it's NetBSD's Special(TM) one that stripped out the old DES
 202 #         support into a separate library and header (-ldes, <des.h>),
 203 #         then we create a new header <openssl/des.h> that includes the
 204 #         system one and <des.h>, and we create an <openssl/des_old.h>
 205 #         that just includes <des.h>.
 206 #
 207 BUILDLINK_TARGETS+=     buildlink-openssl-des-h
 208 .    if !target(buildlink-openssl-des-h)
 209 .PHONY: buildlink-openssl-des-h
 210 buildlink-openssl-des-h:
 211         ${RUN}                                                          \
 212         bl_odes_h="${BUILDLINK_DIR}/include/openssl/des.h";             \
 213         bl_odes_old_h="${BUILDLINK_DIR}/include/openssl/des_old.h";     \
 214         odes_h="${BUILDLINK_PREFIX.openssl}/include/openssl/des.h";     \
 215         odes_old_h="${BUILDLINK_PREFIX.openssl}/include/openssl/des_old.h"; \
 216         des_h="${BUILDLINK_PREFIX.openssl}/include/des.h";              \
 217         if ${TEST} -f "$$odes_old_h"; then                              \
 218                 ${ECHO_BUILDLINK_MSG} "<openssl/des.h> supports old DES API."; \
 219                 exit 0;                                                 \
 220         elif ${GREP} -q "des_cblock" "$$odes_h" 2>/dev/null; then       \
 221                 ${ECHO_BUILDLINK_MSG} "<openssl/des.h> supports old DES API."; \
 222                 exit 0;                                                 \
 223         elif ${TEST} -f "$$des_h" -a -f "$$odes_h"; then                \
 224                 ${ECHO_BUILDLINK_MSG} "Creating $$bl_odes_h";           \
 225                 ${RM} -f $$bl_odes_h;                                   \
 226                 ${MKDIR} `${DIRNAME} $$bl_odes_h`;                      \
 227                 ( ${ECHO} "/* Created by openssl/builtin.mk:${.TARGET} */"; \
 228                   ${ECHO} "#include \"$$odes_h\"";                      \
 229                   ${ECHO} "#include \"$$des_h\"";                       \
 230                 ) > $$bl_odes_h;                                        \
 231                 ${ECHO_BUILDLINK_MSG} "Creating $$bl_odes_old_h";       \
 232                 ${RM} -f $$bl_odes_old_h;                               \
 233                 ${MKDIR} `${DIRNAME} $$bl_odes_old_h`;                  \
 234                 ( ${ECHO} "/* Created by openssl/builtin.mk:${.TARGET} */"; \
 235                   ${ECHO} "#include \"$$des_h\"";                       \
 236                 ) > $$bl_odes_old_h;                                    \
 237                 exit 0;                                                 \
 238         else                                                            \
 239                 ${ECHO} "Unable to find headers for old DES API.";      \
 240                 exit 1;                                                 \
 241         fi
 242 .    endif
 243 .  endif  # USE_OLD_DES_API == yes
 244
 245 .  if defined(PKG_SYSCONFDIR.openssl)
 246 SSLDIR= ${PKG_SYSCONFDIR.openssl}
 247 .  elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 248 .    if ${OPSYS} == "NetBSD"
 249 SSLDIR= /etc/openssl
 250 .    elif ${OPSYS} == "Haiku"
 251 SSLDIR= /boot/common/ssl
 252 .    else
 253 SSLDIR= /etc/ssl                # most likely place
 254 .    endif
 255 .  else
 256 SSLDIR= ${PKG_SYSCONFBASEDIR}/openssl
 257 .  endif
 258
 259 SSLCERTS=       ${SSLDIR}/certs
 260 SSLKEYS=        ${SSLDIR}/private
 261
 262 BUILD_DEFS+=    SSLDIR SSLCERTS SSLKEYS
 263
 264 # create pc files for builtin version; other versions assumed to contain them
 265 # If we are using the builtin version, check whether it has a *.pc
 266 # files or not.  If the latter, generate fake ones.
 267 .  if !empty(USE_BUILTIN.openssl:M[Yy][Ee][Ss])
 268 BUILDLINK_TARGETS+=     openssl-fake-pc
 269
 270 .    if !defined(HAS_OPENSSL_FAKE_PC)
 271 HAS_OPENSSL_FAKE_PC=
 272
 273 openssl-fake-pc:
 274         ${RUN} \
 275         src=${BUILDLINK_PREFIX.openssl}/lib/pkgconfig/libcrypto.pc; \
 276         dst=${BUILDLINK_DIR}/lib/pkgconfig/libcrypto.pc; \
 277         ${MKDIR} ${BUILDLINK_DIR}/lib/pkgconfig; \
 278         if ${TEST} -f $${src}; then \
 279                 ${LN} -sf $${src} $${dst}; \
 280         else \
 281                 { ${ECHO} "Name: OpenSSL-libcrypto"; \
 282                 ${ECHO} "Description: OpenSSL cryptography library"; \
 283                 ${ECHO} "Version: ${BUILTIN_VERSION.openssl}"; \
 284                 ${ECHO} "Libs: -L${BUILDLINK_PREFIX.openssl}/lib -lcrypto"; \
 285                 ${ECHO} "Cflags: -I${BUILDLINK_PREFIX.openssl}/include"; \
 286                 } >$${dst}; \
 287         fi
 288         ${RUN} \
 289         src=${BUILDLINK_PREFIX.openssl}/lib/pkgconfig/libssl.pc; \
 290         dst=${BUILDLINK_DIR}/lib/pkgconfig/libssl.pc; \
 291         ${MKDIR} ${BUILDLINK_DIR}/lib/pkgconfig; \
 292         if ${TEST} -f $${src}; then \
 293                 ${LN} -sf $${src} $${dst}; \
 294         else \
 295                 { ${ECHO} "Name: OpenSSL"; \
 296                 ${ECHO} "Description: Secure Sockets Layer and cryptography libraries"; \
 297                 ${ECHO} "Version: ${BUILTIN_VERSION.openssl}"; \
 298                 ${ECHO} "Libs: -L${BUILDLINK_PREFIX.openssl}/lib -lssl -lcrypto"; \
 299                 ${ECHO} "Cflags: -I${BUILDLINK_PREFIX.openssl}/include"; \
 300                 } >$${dst}; \
 301         fi
 302         ${RUN} \
 303         src=${BUILDLINK_PREFIX.openssl}/lib/pkgconfig/openssl.pc; \
 304         dst=${BUILDLINK_DIR}/lib/pkgconfig/openssl.pc; \
 305         ${MKDIR} ${BUILDLINK_DIR}/lib/pkgconfig; \
 306         if ${TEST} -f $${src}; then \
 307                 ${LN} -sf $${src} $${dst}; \
 308         else \
 309                 { ${ECHO} "Name: OpenSSL"; \
 310                 ${ECHO} "Description: Secure Sockets Layer and cryptography libraries and tools"; \
 311                 ${ECHO} "Version: ${BUILTIN_VERSION.openssl}"; \
 312                 ${ECHO} "Libs: -L${BUILDLINK_PREFIX.openssl}/lib -lssl -lcrypto"; \
 313                 ${ECHO} "Cflags: -I${BUILDLINK_PREFIX.openssl}/include"; \
 314                 } >$${dst}; \
 315         fi
 316 .    endif
 317 .  endif
 318
 319 .endif  # CHECK_BUILTIN.openssl