Date: Fri, 28 Jan 2000 00:39:25 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: ports@freebsd.org Subject: USE_OPENSSL patch Message-ID: <Pine.BSF.4.21.0001280030490.22749-100000@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Okay, here's my most recent USE_OPENSSL patch. I've been patching the
openssl-dependent ports and it seems to be complete enough to only require
minimal changes to them so far. Note that I haven't tested this at all on
anything other than 4.0 with rsaref (and dummy 'broken' openssl libs in
/usr/local/lib to make sure they won't get picked up if the openssl port
is installed) - I haven't had time, and we need to get this in place in
time for 4.0, so I'll need help from you guys to make that happen. Please
test whether this works under your system.
There's a nasty bug in bsd.port.mk which means that CFLAGS cannot be
changed by a makefile if it exists in make.conf - we can hack around it by
setting CFLAGS in MAKE_ARGS, but that also has negative implications
(which thankfully don't seem to affect any of the openssl ports). Thanks
for Jeremy Lea for helping me understand this.
So far I've patched the following ports to work with the patched
bsd.port.mk:
openssh
pidentd
sslwrap
bjorb
I'll be putting up these diffs in www.freebsd.org/~kris/openssl/ shortly
Index: Mk/bsd.port.mk
===================================================================
RCS file: /home/ncvs/ports/Mk/bsd.port.mk,v
retrieving revision 1.326
diff -u -r1.326 bsd.port.mk
--- Mk/bsd.port.mk 2000/01/21 11:08:06 1.326
+++ Mk/bsd.port.mk 2000/01/28 07:03:11
@@ -571,6 +571,42 @@
PREFIX?= ${LOCALBASE}
.endif
+.if defined(USE_OPENSSL)
+.if ${OSVERSION} >= 400014 && exists(/usr/lib/libcrypto.a)
+.if ${USE_OPENSSL} == RSA
+_HASRSA= "`/usr/bin/nm /usr/lib/libcrypto.a | /usr/bin/grep RSA_free`"
+.if empty(_HASRSA)
+.BEGIN:
+ @${ECHO} "This port requires RSA crypto, which is not present in your"
+ @${ECHO} "version of OpenSSL. Please see Chapter XX in the FAQ for"
+ @${ECHO} "a description of the problem and alternative solutions."
+ @${FALSE}
+.elif defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref
+# We set this so ports can decide whether or not to link against librsaref
+# and libRSAglue
+OPENSSL_RSAREF= yes
+.endif
+.endif
+OPENSSLBASE= /usr
+OPENSSLDIR= /etc/ssl
+# OpenSSL in the base system doesn't include IDEA for patent reasons.
+OPENSSL_IDEA= no
+# XXX Won't always work
+CFLAGS+= -DNO_IDEA
+MAKE_ARGS+= CFLAGS="${CFLAGS}"
+.else
+LIB_DEPENDS+= crypto.1:${PORTSDIR}/security/openssl
+OPENSSLBASE?= ${LOCALBASE}
+OPENSSLDIR?= ${OPENSSLBASE}/openssl
+.endif
+OPENSSLLIB= ${OPENSSLBASE}/lib
+OPENSSLINC= ${OPENSSLBASE}/include
+MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
+ OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
+RESTRICTED= "Contains cryptography."
+.endif
+
.endif
# End of pre-makefile section.
----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0001280030490.22749-100000>