[Buildroot] [PATCH 1/5] libressl: new package
Arnout Vandecappelle
arnout at mind.be
Thu Jun 15 22:27:09 UTC 2017
On 15-06-17 16:29, Adam Duskett wrote:
> Libressl is a fork of openssl from OpenSSL in 2014. It's goal is to
^^^^ Its
> modernize the OpenSSL codebase, improve security, and apply best practice
> development processes.
>
> Right now, libressl is API compatible with OpenSSL 1.0.1, but does not yet
> include all new APIs from OpenSSL 1.0.2 and later.
>
> The main source is libressl-portable, which "Includes the build scaffold
> and compatibility layer that builds portable LibreSSL from the OpenBSD
> source code."
>
> Before the build process can begin, autogen.sh must be ran manually,
> as it pulls from the upstream OpenBSD source which adds several
That is not acceptable: it must be possible to do the build offline, after
doing 'make source'. If a configure scripts starts downloading things, that
won't work. But as Thomas pointed out, the release tarball fixes that.
> directories to the source, along with several other steps necessary
> before building can begin. Setting LIBRESSL_AUTORECONF = YES fails
> with several "No such file or directory" errors as well.
Please wrap the commit message at 72 columns.
>
> This package has been tested with the following architectures and c libraries:
> - armv4
> - aarch64
> - ppc
> - ppc64
> - ppc64le
> - x86_64
> - uClibc-ng
> - glibc 2.24
> - musl
>
> Signed-off-by: Adam Duskett <aduskett at codeblue.com>
> ---
> package/Config.in | 1 +
> package/libressl/Config.in | 20 ++++++++++++++++++++
> package/libressl/libressl.hash | 2 ++
> package/libressl/libressl.mk | 31 +++++++++++++++++++++++++++++++
> 4 files changed, 54 insertions(+)
> create mode 100644 package/libressl/Config.in
> create mode 100644 package/libressl/libressl.hash
> create mode 100644 package/libressl/libressl.mk
>
> diff --git a/package/Config.in b/package/Config.in
> index 529bd96..1674444 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -963,6 +963,7 @@ menu "Crypto"
> source "package/libmcrypt/Config.in"
> source "package/libmhash/Config.in"
> source "package/libnss/Config.in"
> + source "package/libressl/Config.in"
> source "package/libscrypt/Config.in"
> source "package/libsecret/Config.in"
> source "package/libsha1/Config.in"
> diff --git a/package/libressl/Config.in b/package/libressl/Config.in
> new file mode 100644
> index 0000000..035176a
> --- /dev/null
> +++ b/package/libressl/Config.in
> @@ -0,0 +1,20 @@
> +config BR2_PACKAGE_LIBRESSL
> + bool "libressl"
> + help
> + LibreSSL is a version of the TLS/crypto stack forked from
> + OpenSSL in 2014, with goals of modernizing the codebase,
> + improving security, and applying best practice development
> + processes.
> +
> + http://www.libressl.org/
> +
> +if BR2_PACKAGE_LIBRESSL
> +
> +config BR2_PACKAGE_LIBRESSL_BIN
> + bool "openssl binary"
> + help
> + Install the openssl binary and the associated helper scripts
> + to the target file system. This is a command line tool for
> + doing various cryptographic stuff.
> +
> +endif
> diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
> new file mode 100644
> index 0000000..9c478de
> --- /dev/null
> +++ b/package/libressl/libressl.hash
> @@ -0,0 +1,2 @@
> +# Locally computed
> +sha256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c libressl-v2.5.4.tar.gz
Doesn't upstream provide any verifiable hashes? That's weird for a crypto lib...
> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
> new file mode 100644
> index 0000000..940ca22
> --- /dev/null
> +++ b/package/libressl/libressl.mk
> @@ -0,0 +1,31 @@
> +################################################################################
> +#
> +# libressl
> +#
> +################################################################################
> +
> +LIBRESSL_VERSION = v2.5.4
> +LIBRESSL_SITE = https://github.com/libressl-portable/portable.git
> +LIBRESSL_SITE_METHOD = git
> +LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay
The , is ambiguous. If it is intended to be or for all of them, specify 'or'.
But I think the license is in fact different per component; in that case, put
the component to which the license applies between parenthesis.
> +LIBRESSL_LICENSE_FILES = COPYING
> +LIBRESSL_INSTALL_STAGING = YES
> +
> +# autogen.sh needs to be ran manually as it pulls from the upstream
> +# OpenBSD source which adds several directories to the source.
> +# Setting LIBRESSL_AUTORECONF = YES fails with several
> +# "No such file or directory" errors.
If you do this, you also need to add host-automake etc. to _DEPENDENCIES.
> +define LIBRESSL_RUN_AUTOGEN
> + cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
> +endef
> +LIBRESSL_POST_PATCH_HOOKS += LIBRESSL_RUN_AUTOGEN
> +
> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
> +define LIBRESSL_REMOVE_BIN
> + $(RM) -f $(TARGET_DIR)/usr/bin/openssl
the help message mentions "and scripts"...
> +endef
> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
> +endif
> +
> +$(eval $(autotools-package))
> +$(eval $(host-autotools-package))
There's also a CMakeLists.txt; in many cases, that's better maintained so
easier to support going forward. But I don't know what upstream prefers.
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
More information about the buildroot
mailing list