[Buildroot] [PATCH 1/5] libressl: new package
Adam Duskett
aduskett at gmail.com
Fri Jun 16 12:38:00 UTC 2017
On Thu, Jun 15, 2017 at 6:27 PM, Arnout Vandecappelle <arnout at mind.be> wrote:
>
>
> On 15-06-17 16:29, Adam Duskett wrote:
>> Libressl is a fork of openssl from OpenSSL in 2014. It's goal is to
> ^^^^ Its
>
>> modernize the OpenSSL codebase, improve security, and apply best practice
>> development processes.
>>
>> Right now, libressl is API compatible with OpenSSL 1.0.1, but does not yet
>> include all new APIs from OpenSSL 1.0.2 and later.
>>
>> The main source is libressl-portable, which "Includes the build scaffold
>> and compatibility layer that builds portable LibreSSL from the OpenBSD
>> source code."
>>
>> Before the build process can begin, autogen.sh must be run manually,
>> as it pulls from the upstream OpenBSD source which adds several
>
> That is not acceptable: it must be possible to do the build offline, after
> doing 'make source'. If a configure script starts downloading things, that
> won't work. But as Thomas pointed out, the release tarball fixes that.
>
Fair enough; I will fix this today.
>> directories to the source, along with several other steps necessary
>> before building can begin. Setting LIBRESSL_AUTORECONF = YES fails
>> with several "No such file or directory" errors as well.
>
> Please wrap the commit message at 72 columns.
Yeah; I had my margins set to 68, my bad.
>
>>
>> This package has been tested with the following architectures and C libraries:
>> - armv4
>> - aarch64
>> - ppc
>> - ppc64
>> - ppc64le
>> - x86_64
>> - uClibc-ng
>> - glibc 2.24
>> - musl
>>
>> Signed-off-by: Adam Duskett <aduskett at codeblue.com>
>> ---
>> package/Config.in | 1 +
>> package/libressl/Config.in | 20 ++++++++++++++++++++
>> package/libressl/libressl.hash | 2 ++
>> package/libressl/libressl.mk | 31 +++++++++++++++++++++++++++++++
>> 4 files changed, 54 insertions(+)
>> create mode 100644 package/libressl/Config.in
>> create mode 100644 package/libressl/libressl.hash
>> create mode 100644 package/libressl/libressl.mk
>>
>> diff --git a/package/Config.in b/package/Config.in
>> index 529bd96..1674444 100644
>> --- a/package/Config.in
>> +++ b/package/Config.in
>> @@ -963,6 +963,7 @@ menu "Crypto"
>> source "package/libmcrypt/Config.in"
>> source "package/libmhash/Config.in"
>> source "package/libnss/Config.in"
>> + source "package/libressl/Config.in"
>> source "package/libscrypt/Config.in"
>> source "package/libsecret/Config.in"
>> source "package/libsha1/Config.in"
>> diff --git a/package/libressl/Config.in b/package/libressl/Config.in
>> new file mode 100644
>> index 0000000..035176a
>> --- /dev/null
>> +++ b/package/libressl/Config.in
>> @@ -0,0 +1,20 @@
>> +config BR2_PACKAGE_LIBRESSL
>> + bool "libressl"
>> + help
>> + LibreSSL is a version of the TLS/crypto stack forked from
>> + OpenSSL in 2014, with goals of modernizing the codebase,
>> + improving security, and applying best practice development
>> + processes.
>> +
>> + http://www.libressl.org/
>> +
>> +if BR2_PACKAGE_LIBRESSL
>> +
>> +config BR2_PACKAGE_LIBRESSL_BIN
>> + bool "openssl binary"
>> + help
>> + Install the openssl binary and the associated helper scripts
>> + to the target file system. This is a command line tool for
>> + doing various cryptographic stuff.
>> +
>> +endif
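Review bot: BR2_PACKAGE_LIBRESSL has no "depends on" line or other guard against a second package that provides the same files, even though the commit message describes the library as API compatible with OpenSSL 1.0.1 and libressl.mk operates on $(TARGET_DIR)/usr/bin/openssl. If both providers are enabled they can overwrite each other's files in the target, and which crypto library ends up on the image then depends on build order. Add an explicit exclusion here, or a choice between the providers. The BR2_PACKAGE_LIBRESSL_BIN help text also needs tightening: "doing various cryptographic stuff" should say what the tool is used for, and "associated helper scripts" should match what the .mk actually installs or removes.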
>> diff --git a/package/libressl/libressl.hash b/package/libressl/libressl.hash
>> new file mode 100644
>> index 0000000..9c478de
>> --- /dev/null
>> +++ b/package/libressl/libressl.hash
>> @@ -0,0 +1,2 @@
>> +# Locally computed
>> +sha256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c libressl-v2.5.4.tar.gz
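Review bot: the "# Locally computed" sha256 for libressl-v2.5.4.tar.gz only pins an archive generated on the build host from the git checkout (libressl.mk sets LIBRESSL_SITE_METHOD = git), so it ties the source to nothing upstream has published or signed. It detects a later change to that archive, but not a tampered or re-pointed tag at the time the hash was first computed. Once the package uses a release tarball, take the hash from a checksum or signature that upstream publishes, after verifying it, and state in the comment line where it came from instead of "Locally computed".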
>
> Doesn't upstream provide any verifiable hashes? That's weird for a crypto lib...
>
>> diff --git a/package/libressl/libressl.mk b/package/libressl/libressl.mk
>> new file mode 100644
>> index 0000000..940ca22
>> --- /dev/null
>> +++ b/package/libressl/libressl.mk
>> @@ -0,0 +1,31 @@
>> +################################################################################
>> +#
>> +# libressl
>> +#
>> +################################################################################
>> +
>> +LIBRESSL_VERSION = v2.5.4
>> +LIBRESSL_SITE = https://github.com/libressl-portable/portable.git
>> +LIBRESSL_SITE_METHOD = git
>> +LIBRESSL_LICENSE = ISC, BSD-3-Clause, OpenSSL or SSLeay
>
> The , is ambiguous. If it is intended to be or for all of them, specify 'or'.
> But I think the license is in fact different per component; in that case, put
> the component to which the license applies between parentheses.
>
Can do.
>> +LIBRESSL_LICENSE_FILES = COPYING
>> +LIBRESSL_INSTALL_STAGING = YES
>> +
>> +# autogen.sh needs to be ran manually as it pulls from the upstream
>> +# OpenBSD source which adds several directories to the source.
>> +# Setting LIBRESSL_AUTORECONF = YES fails with several
>> +# "No such file or directory" errors.
>
> If you do this, you also need to add host-automake etc. to _DEPENDENCIES.
>
Using the tarball this issue is fixed.
>> +define LIBRESSL_RUN_AUTOGEN
>> + cd $(@D) && PATH=$(BR_PATH) ./autogen.sh
>> +endef
>> +LIBRESSL_POST_PATCH_HOOKS += LIBRESSL_RUN_AUTOGEN
>> +
>> +ifeq ($(BR2_PACKAGE_LIBRESSL_BIN),)
>> +define LIBRESSL_REMOVE_BIN
>> + $(RM) -f $(TARGET_DIR)/usr/bin/openssl
>
> the help message mentions "and scripts"...
>
Removed in the next patch. Good catch!
>> +endef
>> +LIBRESSL_POST_INSTALL_TARGET_HOOKS += LIBRESSL_REMOVE_BIN
>> +endif
>> +
>> +$(eval $(autotools-package))
>> +$(eval $(host-autotools-package))
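Review bot: LIBRESSL_RUN_AUTOGEN is hooked in through LIBRESSL_POST_PATCH_HOOKS, so ./autogen.sh pulls the OpenBSD source after the download step has already checked libressl.hash. That makes this an integrity problem as well as an offline-build problem, because the code that is actually compiled into libssl and libcrypto is never compared against any hash in the package. Drop the hook and build from a source archive that already contains those directories, so that everything that gets compiled is covered by the .hash entry. Also, LIBRESSL_VERSION = v2.5.4 with the git method refers to a tag name, which can be moved upstream; a fixed archive avoids that too. Minor: "$(RM) -f" repeats the flag, since make's default RM is already "rm -f".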
>
> There's also a CMakeLists.txt; in many cases, that's better maintained so
> easier to support going forward. But I don't know what upstream prefers.
>
> Regards,
> Arnout
>
> --
> Arnout Vandecappelle arnout at mind be
> Senior Embedded Software Architect +32-16-286500
> Essensium/Mind http://www.mind.be
> G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
> LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
> GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF