openssl: add package

packages/security/openssl/package.mk

@@ -0,0 +1,119 @@
+###############################################################################
+#      This file is part of LibreELEC - https://libreelec.tv
+#      Copyright (C) 2016 Team LibreELEC
+#
+#  LibreELEC is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  LibreELEC is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with LibreELEC.  If not, see <http://www.gnu.org/licenses/>.
+################################################################################
+
+PKG_NAME="openssl"
+PKG_VERSION="1.0.2k"
+PKG_REV="1"
+PKG_ARCH="any"
+PKG_LICENSE="BSD"
+PKG_SITE="https://www.openssl.org"
+PKG_URL="https://www.openssl.org/source/$PKG_NAME-$PKG_VERSION.tar.gz"
+PKG_DEPENDS_HOST="ccache:host"
+PKG_DEPENDS_TARGET="toolchain"
+PKG_SECTION="security"
+PKG_SHORTDESC="The Open Source toolkit for Secure Sockets Layer and Transport Layer Security"
+PKG_LONGDESC="The Open Source toolkit for Secure Sockets Layer and Transport Layer Security"
+
+PKG_IS_ADDON="no"
+PKG_AUTORECONF="no"
+
+PKG_CONFIGURE_OPTS_SHARED="--openssldir=/etc/ssl \
+                           --libdir=lib \
+                           shared \
+                           threads \
+                           no-ec2m \
+                           no-gmp \
+                           no-jpake \
+                           no-krb5 \
+                           no-libunbound \
+                           no-md2 \
+                           no-rc5 \
+                           no-rfc3779
+                           no-sctp \
+                           no-ssl-trace \
+                           no-ssl2 \
+                           no-ssl3 \
+                           no-store \
+                           no-unit-test \
+                           no-weak-ssl-ciphers \
+                           no-zlib \
+                           no-zlib-dynamic \
+                           no-static-engine"
+
+pre_configure_host() {
+  mkdir -p $ROOT/$PKG_BUILD/.$HOST_NAME
+  cp -a $ROOT/$PKG_BUILD/* $ROOT/$PKG_BUILD/.$HOST_NAME/
+}
+
+configure_host() {
+  cd $ROOT/$PKG_BUILD/.$HOST_NAME
+  ./Configure --prefix=/ $PKG_CONFIGURE_OPTS_SHARED linux-x86_64 $CFLAGS $LDFLAGS
+}
+
+makeinstall_host() {
+  make INSTALL_PREFIX=$ROOT/$TOOLCHAIN install_sw
+}
+
+pre_configure_target() {
+  mkdir -p $ROOT/$PKG_BUILD/.$TARGET_NAME
+  cp -a $ROOT/$PKG_BUILD/* $ROOT/$PKG_BUILD/.$TARGET_NAME/
+
+  case $TARGET_ARCH in
+    x86_64)
+      OPENSSL_TARGET=linux-x86_64
+      PLATFORM_FLAGS=enable-ec_nistp_64_gcc_128
+      ;;
+    arm)
+      OPENSSL_TARGET=linux-armv4
+      ;;
+    aarch64)
+      OPENSSL_TARGET=linux-aarch64
+      ;;
+  esac
+}
+
+configure_target() {
+  cd $ROOT/$PKG_BUILD/.$TARGET_NAME
+  ./Configure --prefix=/usr $PKG_CONFIGURE_OPTS_SHARED $PLATFORM_FLAGS $OPENSSL_TARGET $CFLAGS $LDFLAGS
+}
+
+makeinstall_target() {
+  make INSTALL_PREFIX=$INSTALL install_sw
+  make INSTALL_PREFIX=$SYSROOT_PREFIX install_sw
+  chmod 755 $INSTALL/usr/lib/*.so*
+  chmod 755 $INSTALL/usr/lib/engines/*.so
+}
+
+post_makeinstall_target() {
+  rm -rf $INSTALL/etc/ssl/misc
+  rm -rf $INSTALL/usr/bin/c_rehash
+
+  debug_strip $INSTALL/usr/bin/openssl
+
+  # cert from https://curl.haxx.se/docs/caextract.html
+  mkdir -p $INSTALL/etc/ssl
+    cp $PKG_DIR/cert/cacert.pem $INSTALL/etc/ssl/cert.pem
+
+  # backwards comatibility
+  mkdir -p $INSTALL/etc/pki/tls
+    ln -sf /etc/ssl/cert.pem $INSTALL/etc/pki/tls/cacert.pem
+  mkdir -p $INSTALL/etc/pki/tls/certs
+    ln -sf /etc/ssl/cert.pem $INSTALL/etc/pki/tls/certs/ca-bundle.crt
+  mkdir -p $INSTALL/usr/lib/ssl
+    ln -sf /etc/ssl/cert.pem $INSTALL/usr/lib/ssl/cert.pem
+}

packages/security/openssl/patches/openssl-0001-ca-dir.patch

@@ -0,0 +1,33 @@
+--- openssl-1.0.2j/apps/CA.pl.in	2006-04-28 02:30:49.000000000 +0200
++++ openssl-1.0.2j/apps/CA.pl.in	2010-04-01 00:35:02.600553509 +0200
+@@ -53,7 +53,7 @@
+ $X509="$openssl x509";
+ $PKCS12="$openssl pkcs12";
+ 
+-$CATOP="./demoCA";
++$CATOP="/etc/ssl";
+ $CAKEY="cakey.pem";
+ $CAREQ="careq.pem";
+ $CACERT="cacert.pem";
+--- openssl-1.0.2j/apps/CA.sh	2009-10-15 19:27:47.000000000 +0200
++++ openssl-1.0.2j/apps/CA.sh	2010-04-01 00:35:02.600553509 +0200
+@@ -68,7 +68,7 @@
+ X509="$OPENSSL x509"
+ PKCS12="openssl pkcs12"
+ 
+-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
++if [ -z "$CATOP" ] ; then CATOP=/etc/ssl ; fi
+ CAKEY=./cakey.pem
+ CAREQ=./careq.pem
+ CACERT=./cacert.pem
+--- openssl-1.0.2j/apps/openssl.cnf	2009-04-04 20:09:43.000000000 +0200
++++ openssl-1.0.2j/apps/openssl.cnf	2010-04-01 00:35:02.607220681 +0200
+@@ -39,7 +39,7 @@
+ ####################################################################
+ [ CA_default ]
+ 
+-dir		= ./demoCA		# Where everything is kept
++dir		= /etc/ssl		# Where everything is kept
+ certs		= $dir/certs		# Where the issued certs are kept
+ crl_dir		= $dir/crl		# Where the issued crl are kept
+ database	= $dir/index.txt	# database index file.