diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-02 14:40:32 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-03 13:41:01 +0000 |
commit | e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2 (patch) | |
tree | d1686a37797b005ad6288de57cc0903f46e43bee | |
parent | 4b76335f8ece39f111b32e4092d5f5c1e134be4a (diff) | |
download | alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.tar.bz2 alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.tar.xz alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.zip |
main/openssl: replace c_rehash perl script with shell script
from http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/openssl/openssl-c_rehash.sh
fixes #2266
(cherry picked from commit 3fc0e1d57b15a8c6c652f215450c810a3c43601b)
Conflicts:
main/openssl/APKBUILD
-rw-r--r-- | main/openssl/APKBUILD | 18 | ||||
-rw-r--r-- | main/openssl/c_rehash.sh | 210 |
2 files changed, 223 insertions, 5 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index f0dfc3f085..008ecf81bb 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Timo Teras <timo.teras@iki.fi> | 1 | # Maintainer: Timo Teras <timo.teras@iki.fi> |
2 | pkgname=openssl | 2 | pkgname=openssl |
3 | pkgver=1.0.1e | 3 | pkgver=1.0.1e |
4 | pkgrel=2 | 4 | pkgrel=3 |
5 | pkgdesc="Toolkit for SSL v2/v3 and TLS v1" | 5 | pkgdesc="Toolkit for SSL v2/v3 and TLS v1" |
6 | url="http://openssl.org" | 6 | url="http://openssl.org" |
7 | depends= | 7 | depends= |
@@ -21,7 +21,9 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz | |||
21 | 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 21 | 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
22 | 0005-s_client-ircv3-starttls.patch | 22 | 0005-s_client-ircv3-starttls.patch |
23 | openssl-1.0.1-version-eglibc.patch | 23 | openssl-1.0.1-version-eglibc.patch |
24 | fix-default-apps-capath.patch" | 24 | fix-default-apps-capath.patch |
25 | c_rehash.sh | ||
26 | " | ||
25 | 27 | ||
26 | _builddir="$srcdir"/$pkgname-$pkgver | 28 | _builddir="$srcdir"/$pkgname-$pkgver |
27 | 29 | ||
@@ -67,6 +69,9 @@ build() { | |||
67 | package() { | 69 | package() { |
68 | cd "$_builddir" | 70 | cd "$_builddir" |
69 | make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install | 71 | make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install |
72 | # replace the perl script with a shell script | ||
73 | rm -f "$pkgdir"/usr/bin/c_rehash | ||
74 | install -m 755 "$srcdir"/c_rehash.sh "$pkgdir"/usr/bin/c_rehash || return 1 | ||
70 | } | 75 | } |
71 | 76 | ||
72 | libcrypto() { | 77 | libcrypto() { |
@@ -99,7 +104,8 @@ cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-s | |||
99 | c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 104 | c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
100 | c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch | 105 | c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch |
101 | d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch | 106 | d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch |
102 | efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch" | 107 | efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch |
108 | b1068a6dd30ec8adf63b4fd0057491a0 c_rehash.sh" | ||
103 | sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz | 109 | sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz |
104 | fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch | 110 | fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch |
105 | 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch | 111 | 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch |
@@ -109,7 +115,8 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e | |||
109 | 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 115 | 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
110 | 44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch | 116 | 44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch |
111 | 51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch | 117 | 51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch |
112 | 1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch" | 118 | 1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch |
119 | 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 c_rehash.sh" | ||
113 | sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz | 120 | sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz |
114 | 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch | 121 | 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch |
115 | 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch | 122 | 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch |
@@ -119,4 +126,5 @@ b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55d | |||
119 | 3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 126 | 3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
120 | 70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch | 127 | 70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch |
121 | 6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch | 128 | 6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch |
122 | f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch" | 129 | f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch |
130 | 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da c_rehash.sh" | ||
diff --git a/main/openssl/c_rehash.sh b/main/openssl/c_rehash.sh new file mode 100644 index 0000000000..75a774945c --- /dev/null +++ b/main/openssl/c_rehash.sh | |||
@@ -0,0 +1,210 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | # Ben Secrest <blsecres@gmail.com> | ||
4 | # | ||
5 | # sh c_rehash script, scan all files in a directory | ||
6 | # and add symbolic links to their hash values. | ||
7 | # | ||
8 | # based on the c_rehash perl script distributed with openssl | ||
9 | # | ||
10 | # LICENSE: See OpenSSL license | ||
11 | # ^^acceptable?^^ | ||
12 | # | ||
13 | |||
14 | # default certificate location | ||
15 | DIR=/etc/openssl | ||
16 | |||
17 | # for filetype bitfield | ||
18 | IS_CERT=$(( 1 << 0 )) | ||
19 | IS_CRL=$(( 1 << 1 )) | ||
20 | |||
21 | |||
22 | # check to see if a file is a certificate file or a CRL file | ||
23 | # arguments: | ||
24 | # 1. the filename to be scanned | ||
25 | # returns: | ||
26 | # bitfield of file type; uses ${IS_CERT} and ${IS_CRL} | ||
27 | # | ||
28 | check_file() | ||
29 | { | ||
30 | local IS_TYPE=0 | ||
31 | |||
32 | # make IFS a newline so we can process grep output line by line | ||
33 | local OLDIFS=${IFS} | ||
34 | IFS=$( printf "\n" ) | ||
35 | |||
36 | # XXX: could be more efficient to have two 'grep -m' but is -m portable? | ||
37 | for LINE in $( grep '^-----BEGIN .*-----' ${1} ) | ||
38 | do | ||
39 | if echo ${LINE} \ | ||
40 | | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' | ||
41 | then | ||
42 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) | ||
43 | |||
44 | if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
45 | then | ||
46 | break | ||
47 | fi | ||
48 | elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' | ||
49 | then | ||
50 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) | ||
51 | |||
52 | if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
53 | then | ||
54 | break | ||
55 | fi | ||
56 | fi | ||
57 | done | ||
58 | |||
59 | # restore IFS | ||
60 | IFS=${OLDIFS} | ||
61 | |||
62 | return ${IS_TYPE} | ||
63 | } | ||
64 | |||
65 | |||
66 | # | ||
67 | # use openssl to fingerprint a file | ||
68 | # arguments: | ||
69 | # 1. the filename to fingerprint | ||
70 | # 2. the method to use (x509, crl) | ||
71 | # returns: | ||
72 | # none | ||
73 | # assumptions: | ||
74 | # user will capture output from last stage of pipeline | ||
75 | # | ||
76 | fingerprint() | ||
77 | { | ||
78 | ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' | ||
79 | } | ||
80 | |||
81 | |||
82 | # | ||
83 | # link_hash - create links to certificate files | ||
84 | # arguments: | ||
85 | # 1. the filename to create a link for | ||
86 | # 2. the type of certificate being linked (x509, crl) | ||
87 | # returns: | ||
88 | # 0 on success, 1 otherwise | ||
89 | # | ||
90 | link_hash() | ||
91 | { | ||
92 | local FINGERPRINT=$( fingerprint ${1} ${2} ) | ||
93 | local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) | ||
94 | local SUFFIX=0 | ||
95 | local LINKFILE='' | ||
96 | local TAG='' | ||
97 | |||
98 | if [ ${2} = "crl" ] | ||
99 | then | ||
100 | TAG='r' | ||
101 | fi | ||
102 | |||
103 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
104 | |||
105 | while [ -f ${LINKFILE} ] | ||
106 | do | ||
107 | if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] | ||
108 | then | ||
109 | echo "WARNING: Skipping duplicate file ${1}" >&2 | ||
110 | return 1 | ||
111 | fi | ||
112 | |||
113 | SUFFIX=$(( ${SUFFIX} + 1 )) | ||
114 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
115 | done | ||
116 | |||
117 | echo "${1} => ${LINKFILE}" | ||
118 | |||
119 | # assume any system with a POSIX shell will either support symlinks or | ||
120 | # do something to handle this gracefully | ||
121 | ln -s ${1} ${LINKFILE} | ||
122 | |||
123 | return 0 | ||
124 | } | ||
125 | |||
126 | |||
127 | # hash_dir create hash links in a given directory | ||
128 | hash_dir() | ||
129 | { | ||
130 | echo "Doing ${1}" | ||
131 | |||
132 | cd ${1} | ||
133 | |||
134 | ls -1 * 2>/dev/null | while read FILE | ||
135 | do | ||
136 | if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ | ||
137 | && [ -h "${FILE}" ] | ||
138 | then | ||
139 | rm ${FILE} | ||
140 | fi | ||
141 | done | ||
142 | |||
143 | ls -1 *.pem 2>/dev/null | while read FILE | ||
144 | do | ||
145 | check_file ${FILE} | ||
146 | local FILE_TYPE=${?} | ||
147 | local TYPE_STR='' | ||
148 | |||
149 | if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
150 | then | ||
151 | TYPE_STR='x509' | ||
152 | elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
153 | then | ||
154 | TYPE_STR='crl' | ||
155 | else | ||
156 | echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2 | ||
157 | continue | ||
158 | fi | ||
159 | |||
160 | link_hash ${FILE} ${TYPE_STR} | ||
161 | done | ||
162 | } | ||
163 | |||
164 | |||
165 | # choose the name of an ssl application | ||
166 | if [ -n "${OPENSSL}" ] | ||
167 | then | ||
168 | SSL_CMD=$(which ${OPENSSL} 2>/dev/null) | ||
169 | else | ||
170 | SSL_CMD=/usr/bin/openssl | ||
171 | OPENSSL=${SSL_CMD} | ||
172 | export OPENSSL | ||
173 | fi | ||
174 | |||
175 | # fix paths | ||
176 | PATH=${PATH}:${DIR}/bin | ||
177 | export PATH | ||
178 | |||
179 | # confirm existance/executability of ssl command | ||
180 | if ! [ -x ${SSL_CMD} ] | ||
181 | then | ||
182 | echo "${0}: rehashing skipped ('openssl' program not available)" >&2 | ||
183 | exit 0 | ||
184 | fi | ||
185 | |||
186 | # determine which directories to process | ||
187 | old_IFS=$IFS | ||
188 | if [ ${#} -gt 0 ] | ||
189 | then | ||
190 | IFS=':' | ||
191 | DIRLIST=${*} | ||
192 | elif [ -n "${SSL_CERT_DIR}" ] | ||
193 | then | ||
194 | DIRLIST=$SSL_CERT_DIR | ||
195 | else | ||
196 | DIRLIST=${DIR}/certs | ||
197 | fi | ||
198 | |||
199 | IFS=':' | ||
200 | |||
201 | # process directories | ||
202 | for CERT_DIR in ${DIRLIST} | ||
203 | do | ||
204 | if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] | ||
205 | then | ||
206 | IFS=$old_IFS | ||
207 | hash_dir ${CERT_DIR} | ||
208 | IFS=':' | ||
209 | fi | ||
210 | done | ||