1 # $NetBSD: builtin.mk,v 1.30 2011/10/04 14:15:35 hans Exp $
5 BUILTIN_FIND_LIBS:= des
6 BUILTIN_FIND_FILES_VAR:= H_OPENSSLCONF H_OPENSSLV
7 BUILTIN_FIND_FILES.H_OPENSSLCONF= /usr/include/openssl/opensslconf.h \
8 /usr/sfw/include/openssl/opensslconf.h \
9 /boot/common/include/openssl/opensslconf.h
10 BUILTIN_FIND_FILES.H_OPENSSLV= /usr/include/openssl/opensslv.h \
11 /usr/sfw/include/openssl/opensslv.h \
12 /boot/common/include/openssl/opensslv.h
14 .include "../../mk/buildlink3/bsd.builtin.mk"
17 ### Determine if there is a built-in implementation of the package and
18 ### set IS_BUILTIN.<pkg> appropriately ("yes" or "no").
20 .if !defined(IS_BUILTIN.openssl)
21 IS_BUILTIN.openssl= no
22 . if empty(H_OPENSSLV:M__nonexistent__) && empty(H_OPENSSLV:M${LOCALBASE}/*)
23 IS_BUILTIN.openssl= yes
26 MAKEVARS+= IS_BUILTIN.openssl
29 ### If there is a built-in implementation, then set BUILTIN_PKG.<pkg> to
30 ### a package name to represent the built-in package.
32 .if !defined(BUILTIN_PKG.openssl) && \
33 !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) && \
34 empty(H_OPENSSLV:M__nonexistent__)
35 BUILTIN_VERSION.openssl!= \
36 ${AWK} 'BEGIN { hex="0123456789abcdef"; \
37 split("abcdefghijklmnopqrstuvwxyz", alpha, ""); \
39 /\#define[ ]*OPENSSL_VERSION_NUMBER/ { \
40 major = index(hex, substr($$3, 3, 1)) - 1; \
41 i = 16 * (index(hex, substr($$3, 4, 1)) - 1); \
42 i += index(hex, substr($$3, 5, 1)) - 1; \
44 i = 16 * (index(hex, substr($$3, 6, 1)) - 1); \
45 i += index(hex, substr($$3, 7, 1)) - 1; \
47 i = 16 * (index(hex, substr($$3, 8, 1)) - 1); \
48 i += index(hex, substr($$3, 9, 1)) - 1; \
51 } else if (i > 26) { \
54 patchlevel = alpha[i]; \
56 printf "%s%s%s%s\n", \
57 major, minor, teeny, patchlevel; \
62 . if !empty(BUILTIN_VERSION.openssl:M0\.9\.6g) && \
63 empty(H_OPENSSLV:M__nonexistent__)
65 # If the native OpenSSL contains the security fixes pulled up to the
66 # netbsd-1-6 branch on 2003-11-07, then pretend it's openssl-0.9.6l.
68 BUILTIN_OPENSSL_HAS_20031107_FIX!= \
69 ${AWK} 'BEGIN { ans = "no" } \
70 /OPENSSL_HAS_20031107_FIX/ { ans = "yes" } \
71 END { print ans; exit 0 } \
73 . if !empty(BUILTIN_OPENSSL_HAS_20031107_FIX:M[yY][eE][sS])
74 BUILTIN_VERSION.openssl= 0.9.6l
77 # If the native OpenSSL contains the security fixes pulled up to the
78 # netbsd-1-6 branch on 2004-04-01, then pretend it's openssl-0.9.6m.
80 BUILTIN_OPENSSL_HAS_20040401_FIX!= \
81 ${AWK} 'BEGIN { ans = "no" } \
82 /OPENSSL_HAS_20040401_FIX/ { ans = "yes" } \
83 END { print ans; exit 0 } \
85 . if !empty(BUILTIN_OPENSSL_HAS_20040401_FIX:M[yY][eE][sS])
86 BUILTIN_VERSION.openssl= 0.9.6m
88 . elif !empty(BUILTIN_VERSION.openssl:M0\.9\.7d) && \
89 empty(H_OPENSSLV:M__nonexistent__)
91 # If the native OpenSSL contains the security fixes pulled up to the
92 # netbsd-2-0, netbsd-2, and netbsd-3-0 branches on 2005-10-11, then
93 # pretend it's openssl-0.9.7h.
95 BUILTIN_OPENSSL_HAS_20051011_FIX!= \
96 ${AWK} 'BEGIN { ans = "no" } \
97 /OPENSSL_HAS_20051011_FIX/ { ans = "yes" } \
98 END { print ans; exit 0 } \
100 . if !empty(BUILTIN_OPENSSL_HAS_20051011_FIX:M[yY][eE][sS])
101 BUILTIN_VERSION.openssl= 0.9.7h
104 BUILTIN_PKG.openssl= openssl-${BUILTIN_VERSION.openssl}
106 MAKEVARS+= BUILTIN_PKG.openssl
107 MAKEVARS+= BUILTIN_VERSION.openssl
109 .if !defined(BUILTIN_OPENSSL_HAS_THREADS) && \
110 !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) && \
111 empty(H_OPENSSLCONF:M__nonexistent__)
112 BUILTIN_OPENSSL_HAS_THREADS!= \
113 ${AWK} 'BEGIN { ans = "no" } \
114 /\#[ ]*define[ ]*OPENSSL_THREADS/ { ans= "yes" } \
115 /\#[ ]*define[ ]*THREADS/ { ans = "yes" } \
116 END { print ans; exit 0 } \
119 MAKEVARS+= BUILTIN_OPENSSL_HAS_THREADS
122 ### Determine whether we should use the built-in implementation if it
123 ### exists, and set USE_BUILTIN.<pkg> appropriate ("yes" or "no").
125 .if !defined(USE_BUILTIN.openssl)
126 . if ${PREFER.openssl} == "pkgsrc"
127 USE_BUILTIN.openssl= no
129 USE_BUILTIN.openssl= ${IS_BUILTIN.openssl}
130 . if defined(BUILTIN_PKG.openssl) && \
131 !empty(IS_BUILTIN.openssl:M[yY][eE][sS])
132 USE_BUILTIN.openssl= yes
133 . for dep_ in ${BUILDLINK_API_DEPENDS.openssl}
134 . if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
135 USE_BUILTIN.openssl!= \
136 if ${PKG_ADMIN} pmatch ${dep_:Q} ${BUILTIN_PKG.openssl:Q}; then \
144 . if !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) && \
145 defined(USE_FEATURES.openssl)
146 . if !empty(USE_FEATURES.openssl:Mthreads) && \
147 !empty(BUILTIN_OPENSSL_HAS_THREADS:M[nN][oO])
148 USE_BUILTIN.openssl= no
151 . endif # PREFER.openssl
153 MAKEVARS+= USE_BUILTIN.openssl
156 ### The section below only applies if we are not including this file
157 ### solely to determine whether a built-in implementation exists.
159 CHECK_BUILTIN.openssl?= no
160 .if !empty(CHECK_BUILTIN.openssl:M[nN][oO])
162 . if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
163 . if empty(H_OPENSSLV:M__nonexistent__)
164 . if !empty(H_OPENSSLV:M/usr/sfw/*)
165 BUILDLINK_PREFIX.openssl= /usr/sfw
166 BUILDLINK_PASSTHRU_DIRS+= /usr/sfw
167 . elif !empty(H_OPENSSLV:M/usr/*)
168 BUILDLINK_PREFIX.openssl= /usr
169 . elif !empty(H_OPENSSLV:M/boot/common/*)
170 BUILDLINK_PREFIX.openssl= /boot/common
175 # By default, we don't bother with the old DES API.
177 . if !empty(USE_OLD_DES_API:M[yY][eE][sS])
179 # If we're using the old DES API, then check to see if the old DES
180 # code was factored out into a separate library and header files and
181 # no longer a part of libcrypto.
183 . if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
184 . if exists(${BUILDLINK_PREFIX.openssl}/include/des.h) && \
185 !empty(BUILTIN_LIB_FOUND.des:M[yY][eE][sS])
186 BUILDLINK_TRANSFORM+= l:crypto:des:crypto
187 WRAPPER_REORDER_CMDS+= reorder:l:des:crypto
191 # The idea is to avoid the need to patch source files for packages that
192 # use OpenSSL for DES support by ensuring that including <openssl/des.h>
193 # will always present the old DES API.
195 # (1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and
196 # <openssl/des.h> already does the right thing.
198 # (2) If des_old.h doesn't exist, then one of two things is happening:
199 # (a) If <openssl/des.h> is old and (only) supports the old DES API,
200 # then <openssl/des.h> does the right thing.
201 # (b) If it's NetBSD's Special(TM) one that stripped out the old DES
202 # support into a separate library and header (-ldes, <des.h>),
203 # then we create a new header <openssl/des.h> that includes the
204 # system one and <des.h>, and we create an <openssl/des_old.h>
205 # that just includes <des.h>.
207 BUILDLINK_TARGETS+= buildlink-openssl-des-h
208 . if !target(buildlink-openssl-des-h)
209 .PHONY: buildlink-openssl-des-h
210 buildlink-openssl-des-h:
212 bl_odes_h="${BUILDLINK_DIR}/include/openssl/des.h"; \
213 bl_odes_old_h="${BUILDLINK_DIR}/include/openssl/des_old.h"; \
214 odes_h="${BUILDLINK_PREFIX.openssl}/include/openssl/des.h"; \
215 odes_old_h="${BUILDLINK_PREFIX.openssl}/include/openssl/des_old.h"; \
216 des_h="${BUILDLINK_PREFIX.openssl}/include/des.h"; \
217 if ${TEST} -f "$$odes_old_h"; then \
218 ${ECHO_BUILDLINK_MSG} "<openssl/des.h> supports old DES API."; \
220 elif ${GREP} -q "des_cblock" "$$odes_h" 2>/dev/null; then \
221 ${ECHO_BUILDLINK_MSG} "<openssl/des.h> supports old DES API."; \
223 elif ${TEST} -f "$$des_h" -a -f "$$odes_h"; then \
224 ${ECHO_BUILDLINK_MSG} "Creating $$bl_odes_h"; \
225 ${RM} -f $$bl_odes_h; \
226 ${MKDIR} `${DIRNAME} $$bl_odes_h`; \
227 ( ${ECHO} "/* Created by openssl/builtin.mk:${.TARGET} */"; \
228 ${ECHO} "#include \"$$odes_h\""; \
229 ${ECHO} "#include \"$$des_h\""; \
231 ${ECHO_BUILDLINK_MSG} "Creating $$bl_odes_old_h"; \
232 ${RM} -f $$bl_odes_old_h; \
233 ${MKDIR} `${DIRNAME} $$bl_odes_old_h`; \
234 ( ${ECHO} "/* Created by openssl/builtin.mk:${.TARGET} */"; \
235 ${ECHO} "#include \"$$des_h\""; \
236 ) > $$bl_odes_old_h; \
239 ${ECHO} "Unable to find headers for old DES API."; \
243 . endif # USE_OLD_DES_API == yes
245 . if defined(PKG_SYSCONFDIR.openssl)
246 SSLDIR= ${PKG_SYSCONFDIR.openssl}
247 . elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
248 . if ${OPSYS} == "NetBSD"
250 . elif ${OPSYS} == "Haiku"
251 SSLDIR= /boot/common/ssl
253 SSLDIR= /etc/ssl # most likely place
256 SSLDIR= ${PKG_SYSCONFBASEDIR}/openssl
259 SSLCERTS= ${SSLDIR}/certs
260 SSLKEYS= ${SSLDIR}/private
262 BUILD_DEFS+= SSLDIR SSLCERTS SSLKEYS
264 # create pc files for builtin version; other versions assumed to contain them
265 # If we are using the builtin version, check whether it has a *.pc
266 # files or not. If the latter, generate fake ones.
267 . if !empty(USE_BUILTIN.openssl:M[Yy][Ee][Ss])
268 BUILDLINK_TARGETS+= openssl-fake-pc
270 . if !defined(HAS_OPENSSL_FAKE_PC)
275 src=${BUILDLINK_PREFIX.openssl}/lib/pkgconfig/libcrypto.pc; \
276 dst=${BUILDLINK_DIR}/lib/pkgconfig/libcrypto.pc; \
277 ${MKDIR} ${BUILDLINK_DIR}/lib/pkgconfig; \
278 if ${TEST} -f $${src}; then \
279 ${LN} -sf $${src} $${dst}; \
281 { ${ECHO} "Name: OpenSSL-libcrypto"; \
282 ${ECHO} "Description: OpenSSL cryptography library"; \
283 ${ECHO} "Version: ${BUILTIN_VERSION.openssl}"; \
284 ${ECHO} "Libs: -L${BUILDLINK_PREFIX.openssl}/lib -lcrypto"; \
285 ${ECHO} "Cflags: -I${BUILDLINK_PREFIX.openssl}/include"; \
289 src=${BUILDLINK_PREFIX.openssl}/lib/pkgconfig/libssl.pc; \
290 dst=${BUILDLINK_DIR}/lib/pkgconfig/libssl.pc; \
291 ${MKDIR} ${BUILDLINK_DIR}/lib/pkgconfig; \
292 if ${TEST} -f $${src}; then \
293 ${LN} -sf $${src} $${dst}; \
295 { ${ECHO} "Name: OpenSSL"; \
296 ${ECHO} "Description: Secure Sockets Layer and cryptography libraries"; \
297 ${ECHO} "Version: ${BUILTIN_VERSION.openssl}"; \
298 ${ECHO} "Libs: -L${BUILDLINK_PREFIX.openssl}/lib -lssl -lcrypto"; \
299 ${ECHO} "Cflags: -I${BUILDLINK_PREFIX.openssl}/include"; \
303 src=${BUILDLINK_PREFIX.openssl}/lib/pkgconfig/openssl.pc; \
304 dst=${BUILDLINK_DIR}/lib/pkgconfig/openssl.pc; \
305 ${MKDIR} ${BUILDLINK_DIR}/lib/pkgconfig; \
306 if ${TEST} -f $${src}; then \
307 ${LN} -sf $${src} $${dst}; \
309 { ${ECHO} "Name: OpenSSL"; \
310 ${ECHO} "Description: Secure Sockets Layer and cryptography libraries and tools"; \
311 ${ECHO} "Version: ${BUILTIN_VERSION.openssl}"; \
312 ${ECHO} "Libs: -L${BUILDLINK_PREFIX.openssl}/lib -lssl -lcrypto"; \
313 ${ECHO} "Cflags: -I${BUILDLINK_PREFIX.openssl}/include"; \
319 .endif # CHECK_BUILTIN.openssl