-rw-r--r-- | package/libs/openssl/Makefile | 13 | ||||
-rw-r--r-- | package/libs/openssl/engine.mk | 60 | ||||
-rw-r--r-- | package/libs/openssl/files/engines.cnf | 7 | ||||
-rwxr-xr-x | package/libs/openssl/files/openssl.init | 31 | ||||
-rw-r--r-- | package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch | 5 |
5 files changed, 54 insertions, 62 deletions
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 3a0666ff8e..8ca4d83380 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=m PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=1 @@ -128,7 +128,6 @@ endef define Package/libopenssl-conf/conffiles /etc/ssl/openssl.cnf -/etc/ssl/engines.cnf.d/engines.cnf $(if CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf) $(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf) endef @@ -378,15 +377,17 @@ define Package/libopenssl/install endef define Package/libopenssl-conf/install - $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d + $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(1)/etc/config $(1)/etc/init.d $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ - $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/ + $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl + $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl + touch $(1)/etc/config/openssl $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO), $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/ - echo devcrypto=devcrypto >> $(1)/etc/ssl/engines.cnf.d/engines.cnf) + echo -e "config engine 'devcrypto'\n\toption enabled '1'" >> $(1)/etc/config/openssl) $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK), $(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/ - echo padlock=padlock >> $(1)/etc/ssl/engines.cnf.d/engines.cnf) + echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >> $(1)/etc/config/openssl) endef define Package/openssl-util/install diff --git a/package/libs/openssl/engine.mk b/package/libs/openssl/engine.mk index 482b5ad5e8..973a989904 100644 --- a/package/libs/openssl/engine.mk +++ b/package/libs/openssl/engine.mk 
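Review bot: `Package/libopenssl-conf/install` now ships `/etc/config/openssl`, but the `conffiles` list edited in the hunk at line 128 still names only `openssl.cnf` and the two builtin `.cnf` files. The engine postinst in engine.mk appends its `config engine` sections to that same file, so a later upgrade or reinstall of libopenssl-conf would presumably replace it with the packaged copy and drop any engine entries or `enabled '0'` choices the admin made. Adding the line `/etc/config/openssl` to `Package/libopenssl-conf/conffiles` would keep the local state. Separately, the devcrypto `echo -e` has no leading `\n` while the padlock one does; a short comment explaining that the first entry follows an empty file would help the next reader.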
@@ -23,60 +23,24 @@ define Package/openssl/add-engine define Package/$$(OSSL_ENG_PKG)/postinst := #!/bin/sh -# $$$$1 == non-empty: suggest reinstall -error_out() { - [ "$1" ] && cat <<- EOF - Reinstalling the libopenssl-conf package may fix this: +OPENSSL_UCI="$$$${IPKG_INSTROOT}/etc/config/openssl" - opkg install --force-reinstall libopenssl-conf - EOF - cat <<- EOF +[ -z "$$$${IPKG_INSTROOT}" ] && uci -q get openssl.$(1) >/dev/null && exit 0 - Then, you will have to reinstall this package, and any other engine package you have - you have previously installed to ensure they are enabled: +cat << EOF >> "$$$${OPENSSL_UCI}" - opkg install --force-reinstall $$(OSSL_ENG_PKG) [OTHER_ENGINE_PKG]... +config engine '$(1)' + option enabled '1' +EOF - EOF - exit 1 -} -ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf" -OPENSSL_CNF="$$$${IPKG_INSTROOT}/etc/ssl/openssl.cnf" -if [ ! -f "$$$${OPENSSL_CNF}" ]; then - echo -e "ERROR: File $$$${OPENSSL_CNF} not found." - error_out reinstall -fi -if ! grep -q "^.include /etc/ssl/engines.cnf.d" "$$$${OPENSSL_CNF}"; then - cat <<- EOF - Your /etc/ssl/openssl.cnf file is not loading engine configuration files from - /etc/ssl/engines.cnf.d. You should consider start with a fresh, updated OpenSSL config by - running: - - opkg install --force-reinstall --force-maintainer libopenssl-conf - - The above command will overwrite any changes you may have made to both /etc/ssl/openssl.cnf - and /etc/ssl/engines.cnf.d/engines.cnf files, so back them up first! - EOF - error_out -fi -if [ ! -f "$$$${ENGINES_CNF}" ]; then - echo "Can't configure $$(OSSL_ENG_PKG): File $$$${ENGINES_CNF} not found." - error_out reinstall -fi -if grep -q "$(1)=$(1)" "$$$${ENGINES_CNF}"; then - echo "$$(OSSL_ENG_PKG): $(1) engine was already configured. Nothing to be done." -else - echo "$(1)=$(1)" >> "$$$${ENGINES_CNF}" - echo "$$(OSSL_ENG_PKG): $(1) engine enabled. All done!" 
-fi +[ -n "$$$${IPKG_INSTROOT}" ] || /etc/init.d/openssl reload endef - define Package/$$(OSSL_ENG_PKG)/prerm := + define Package/$$(OSSL_ENG_PKG)/postrm := #!/bin/sh -ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf" -[ -f "$$$${ENGINES_CNF}" ] || exit 0 -sed -e '/$(1)=$(1)/d' -i "$$$${ENGINES_CNF}" +[ -n "$$$${IPKG_INSTROOT}" ] && exit 0 +uci delete openssl.$(1) +uci commit openssl +/etc/init.d/openssl reload endef endef - - diff --git a/package/libs/openssl/files/engines.cnf b/package/libs/openssl/files/engines.cnf deleted file mode 100644 index 333b1d6c25..0000000000 --- a/package/libs/openssl/files/engines.cnf +++ /dev/null @@ -1,7 +0,0 @@ -# This file should only contain the [engines] section -# It is subject to change by installing OpenSSL engine packages -# Any lines that have the sequence "engine-name=engine-name" will -# be removed when the respective engine gets uninstalled. -# You may avoid that by adding a space before/after the = sign. - -[engines] diff --git a/package/libs/openssl/files/openssl.init b/package/libs/openssl/files/openssl.init new file mode 100755 index 0000000000..21e253e7a5 --- /dev/null +++ b/package/libs/openssl/files/openssl.init 
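Review bot: The rewritten postinst records the engine in /etc/config/openssl but no longer verifies that /etc/ssl/openssl.cnf will load the generated list, a check the removed code made with its grep for the `.include` line. openssl.cnf is a conffile, so a device that keeps an older copy would lack `.include /var/etc/ssl/engines.cnf`, and the engine would look enabled in UCI while never being loaded, with no message to the admin. A warning would be enough, for example `grep -q "^\.include /var/etc/ssl/engines.cnf" "$$$${IPKG_INSTROOT}/etc/ssl/openssl.cnf" || echo "$$(OSSL_ENG_PKG): openssl.cnf does not include /var/etc/ssl/engines.cnf" >&2`. In postrm, `uci delete openssl.$(1)` could take `-q` so that removing an already-deleted section stays quiet. The enclosing `define Package/openssl/add-engine` starts outside this hunk.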
@@ -0,0 +1,31 @@ +#!/bin/sh /etc/rc.common + +START=13 +ENGINES_CNF_D="/etc/ssl/engines.cnf.d" +ENGINES_CNF="/var/etc/ssl/engines.cnf" +ENGINES_DIR="%ENGINES_DIR%" + +config_engine() { + local enabled force + config_get_bool enabled "$1" enabled 1 + config_get_bool force "$1" force 0 + [ "$enabled" = 0 ] && return + if [ "$force" = 0 ] && \ + [ ! -f "${ENGINES_CNF_D}/$1.cnf" ] && \ + [ ! -f "${ENGINES_DIR}/$1.so" ]; then + echo Skipping engine "$1": not installed + return + fi + echo Enabling engine "$1" + echo "$1=$1" >> "${ENGINES_CNF}" +} + +start() { + mkdir -p "$(dirname "${ENGINES_CNF}")" || exit 1 + echo Generating engines.cnf + echo "# This file is automatically generated from /etc/config/openssl." \ + > "${ENGINES_CNF}" || \ + { echo Error writing ${ENGINES_CNF} >&2; exit 1; } + config_load openssl + config_foreach config_engine engine +} diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch index 3db7a19212..8851116347 100644 --- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch +++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch @@ -11,7 +11,7 @@ Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> diff --git a/apps/openssl.cnf b/apps/openssl.cnf --- a/apps/openssl.cnf +++ b/apps/openssl.cnf -@@ -22,6 +22,13 @@ oid_section = new_oids +@@ -22,6 +22,16 @@ oid_section = new_oids # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) @@ -20,6 +20,9 @@ diff --git a/apps/openssl.cnf b/apps/openssl.cnf +[openssl_conf] +engines=engines + ++[engines] ++.include /var/etc/ssl/engines.cnf ++ +.include /etc/ssl/engines.cnf.d + [ new_oids ] |
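Review bot: `start()` truncates the live `${ENGINES_CNF}` with `>` and `config_engine()` then appends one entry at a time, so any process that reads openssl.cnf while a reload is running sees an empty or partial `[engines]` list and quietly runs without the engines the admin enabled. The append in `config_engine()` is also unchecked, so a write failure leaves a short list behind with exit status 0. Building the list in a temporary file next to the target and renaming it into place closes both gaps. The error message should also quote its argument, as in `echo "Error writing ${ENGINES_CNF}" >&2`.

```shell
ENGINES_CNF_TMP="${ENGINES_CNF}.tmp"

config_engine() {
	# … unchanged: enabled/force lookup and the "not installed" check …
	echo "$1=$1" >> "${ENGINES_CNF_TMP}"
}

start() {
	# … unchanged: mkdir -p of the target directory …
	echo "# This file is automatically generated from /etc/config/openssl." \
		> "${ENGINES_CNF_TMP}" || \
		{ echo "Error writing ${ENGINES_CNF_TMP}" >&2; exit 1; }
	# … unchanged: config_load / config_foreach …
	# Publish the finished list in one step so readers never see a partial file.
	mv -f "${ENGINES_CNF_TMP}" "${ENGINES_CNF}" || exit 1
}
```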
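Review bot: The `.include /etc/ssl/engines.cnf.d` line kept below the new `[engines]` include still reads every file in that directory, and nothing visible in this commit removes an `engines.cnf` left there by the previous package version. That file used to be a conffile and was edited by the old postinst. If it survives an upgrade, its `name=name` lines would presumably continue the `[engines]` section and keep an engine active even after `option enabled '0'` is set in /etc/config/openssl. Consider removing or renaming the stale file during upgrade, or at least warning from the init script, for example `[ -f "${ENGINES_CNF_D}/engines.cnf" ] && echo "Stale ${ENGINES_CNF_D}/engines.cnf overrides /etc/config/openssl" >&2`. A comment above the new include saying that the file is generated by /etc/init.d/openssl and must not be edited by hand would also help.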