Date: Tuesday, February 7, 2023 @ 16:40:55
Author: pierre
Revision: 468331
archrelease: copy trunk to testing-x86_64
Added:
openssl/repos/testing-x86_64/
openssl/repos/testing-x86_64/PKGBUILD
(from rev 468330, openssl/trunk/PKGBUILD)
openssl/repos/testing-x86_64/ca-dir.patch
(from rev 468330, openssl/trunk/ca-dir.patch)
openssl/repos/testing-x86_64/keys/
--------------+
PKGBUILD | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ca-dir.patch | 31 +++++++++++++++++++++++++++
2 files changed, 95 insertions(+)
Copied: openssl/repos/testing-x86_64/PKGBUILD (from rev 468330,
openssl/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2023-02-07 16:40:55 UTC (rev 468331)
@@ -0,0 +1,64 @@
+# Maintainer: Pierre Schmitz <[email protected]>
+
+pkgname=openssl
+pkgver=3.0.8
+pkgrel=1
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer
Security'
+arch=('x86_64')
+url='https://www.openssl.org'
+license=('Apache')
+depends=('glibc')
+makedepends=('perl')
+optdepends=('ca-certificates' 'perl')
+replaces=('openssl-perl' 'openssl-doc')
+provides=('libcrypto.so' 'libssl.so')
+backup=('etc/ssl/openssl.cnf')
+source=("https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz"{,.asc}
+ 'ca-dir.patch')
+sha256sums=('6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e'
+ 'SKIP'
+ '0a32d9ca68e8d985ce0bfef6a4c20b46675e06178cc2d0bf6d91bd6865d648b7')
+validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491'
+ '7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C'
+ 'A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C')
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ # set ca dir to /etc/ssl by default
+ patch -Np1 -i "$srcdir/ca-dir.patch"
+}
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ # mark stack as non-executable: http://bugs.archlinux.org/task/12434
+ ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
+ shared enable-ktls enable-ec_nistp_64_gcc_128 linux-x86_64 \
+ "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
+
+ make depend
+ make
+}
+
+check() {
+ cd "$srcdir/$pkgbase-$pkgver"
+
+ # the test fails due to missing write permissions in /etc/ssl
+ # revert this patch for make test
+ patch -Rp1 -i "$srcdir/ca-dir.patch"
+
+ make HARNESS_JOBS=$(nproc) test
+
+ patch -Np1 -i "$srcdir/ca-dir.patch"
+ # re-run make to re-generate CA.pl from the patched .in file.
+ make apps/CA.pl
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install_sw
install_ssldirs install_man_docs
+
+ install -D -m644 LICENSE.txt
"$pkgdir/usr/share/licenses/$pkgname/LICENSE.txt"
+}
Copied: openssl/repos/testing-x86_64/ca-dir.patch (from rev 468330,
openssl/trunk/ca-dir.patch)
===================================================================
--- testing-x86_64/ca-dir.patch (rev 0)
+++ testing-x86_64/ca-dir.patch 2023-02-07 16:40:55 UTC (rev 468331)
@@ -0,0 +1,31 @@
+--- a/apps/CA.pl.in
++++ b/apps/CA.pl.in
+@@ -29,7 +29,7 @@
+ my $PKCS12 = "$openssl pkcs12";
+
+ # Default values for various configuration settings.
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/ssl";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -79,7 +79,7 @@
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/ssl # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
+@@ -309,7 +309,7 @@
+ [ tsa_config1 ]
+
+ # These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/ssl # TSA root directory
+ serial = $dir/tsaserial # The current serial number
(mandatory)
+ crypto_device = builtin # OpenSSL engine to use for signing
+ signer_cert = $dir/tsacert.pem # The TSA signing certificate
