# Maintainer: Pierre Schmitz # ALARM: Kevin Mihelich # - set ARM architecture targets # Oleg Rakhmanov # - cryptodev enabled version buildarch=14 pkgname=openssl-cryptodev _pkgname=openssl _ver=1.1.1l # use a pacman compatible version scheme pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} pkgrel=1 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security with cryptodev support' arch=('arm' 'armv7h' 'aarch64') url='https://www.openssl.org' license=('custom:BSD') depends=('glibc') makedepends=('perl') optdepends=('ca-certificates' 'perl' 'cryptodev-dkms') backup=('etc/ssl/openssl.cnf') conflicts=('openssl') provides=("openssl=${pkgver}") install=${pkgname}.install _cryptodevver=1.12 source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz" 'ca-dir.patch' "https://github.com/cryptodev-linux/cryptodev-linux/archive/cryptodev-linux-${_cryptodevver}.tar.gz") sha256sums=('0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1' '75aa8c2c638c8a3ebfd9fa146fc61c7ff878fc997dc6aa10d39e4b2415d669b2' 'f51c2254749233b1b1d7ec9445158bd709f124f88e1c650fe2faac83c3a81938') prepare() { cd "$srcdir/$_pkgname-$_ver" # set ca dir to /etc/ssl by default patch -p0 -i "$srcdir/ca-dir.patch" # Copy the header file cp -u ${srcdir}/cryptodev-linux-cryptodev-linux-${_cryptodevver}/crypto/cryptodev.h ${srcdir}/openssl-${_ver}/crypto/ # Modify config file to use cryptodev sed -i "s/HOME\t\t\t= ./HOME\t\t\t= .\n\n# To enable cryptodev, uncomment the line below\n#openssl_conf\t\t= openssl_def/g" \ ${srcdir}/openssl-${_ver}/apps/openssl.cnf cat << 'EOF' >> ${srcdir}/openssl-${_ver}/apps/openssl.cnf [openssl_def] engines=engine_section [engine_section] devcrypto=devcrypto_section [devcrypto_section] CIPHERS=ALL DIGESTS=NONE EOF } build() { cd "$srcdir/$_pkgname-$_ver" if [ "${CARCH}" == 'x86_64' ]; then openssltarget='linux-x86_64' optflags='enable-ec_nistp_64_gcc_128' elif [ "${CARCH}" == 'i686' ]; then openssltarget='linux-elf' optflags='' elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv6h' -o "${CARCH}" == 'armv7h' ]; then openssltarget='linux-armv4' optflags='' elif [ "${CARCH}" == 'aarch64' ]; then openssltarget='linux-aarch64' optflags='no-afalgeng' fi # mark stack as non-executable: http://bugs.archlinux.org/task/12434 ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ enable-devcryptoeng -DHASH_MAX_LEN=64 \ shared no-ssl3-method ${optflags} \ "${openssltarget}" \ "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" make depend make } check() { cd "$srcdir/$_pkgname-$_ver" # the test fails due to missing write permissions in /etc/ssl # revert this patch for make test patch -p0 -R -i "$srcdir/ca-dir.patch" make test patch -p0 -i "$srcdir/ca-dir.patch" # re-run make to re-generate CA.pl from th patched .in file. make apps/CA.pl } package() { cd "$srcdir/$_pkgname-$_ver" make DESTDIR="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs install -D -m644 LICENSE "$pkgdir/usr/share/licenses/$_pkgname/LICENSE" }