-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
Portfile
198 lines (172 loc) · 7.58 KB
/
Portfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
PortSystem 1.0
PortGroup compiler_blacklist_versions 1.0
PortGroup muniversal 1.0
PortGroup legacysupport 1.1
# Availability.h
legacysupport.newest_darwin_requires_legacy 8
set major_v 3
name openssl$major_v
version ${major_v}.0.3
revision 0
# Please revbump these ports when updating the openssl3 version/revision
# - freeradius (#43461)
# - openssh (#54990)
# - openssl (to rebuild the shim links).
categories devel security
platforms darwin
license Apache-2
maintainers {larryv @larryv} {cal @neverpanic} openmaintainer
description OpenSSL SSL/TLS cryptography library
long_description The OpenSSL Project is a collaborative effort to \
develop a robust, commercial-grade, full-featured, \
and Open Source toolkit implementing the Secure \
Sockets Layer (SSL v2/v3) and Transport Layer \
Security (TLS v1) protocols as well as \
a full-strength general purpose cryptography \
library.
homepage https://www.openssl.org
depends_lib port:zlib
distname openssl-${version}
# See https://www.openssl.org/source/mirror.html
master_sites ${homepage}/source \
ftp://gd.tuwien.ac.at/infosys/security/openssl/source/ \
http://mirror.switch.ch/ftp/mirror/openssl/source/ \
ftp://ftp.fi.muni.cz/pub/openssl/source/ \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://artfiles.org/openssl.org/source/ \
ftp://ftp.linux.hr/pub/openssl/source/ \
ftp://guest.kuria.katowice.pl/pub/openssl/source/
checksums rmd160 40979ca9ff4a4dd57fdb579ced7124e66885c954 \
sha256 ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b \
size 15058905
if {${os.platform} eq "darwin" && ${os.major} < 11} {
# Having the stdlib set to libc++ on 10.6 causes a dependency on a
# macports-clang compiler to be added, which would be a dep cycle.
configure.cxx_stdlib
}
set my_name openssl-${major_v}
set my_prefix ${prefix}/libexec/${name}
#-----------------------------------------------------------------------------------------
# Fix compilation errors related to AVX-512 instruction set, occurring with Xcode Clang.
# Ticket: https://trac.macports.org/ticket/63622
#
# crypto/bn/libcrypto-lib-rsaz-avx512.o crypto/bn/rsaz-avx512.s
# crypto/bn/rsaz-avx512.s:36:2: error: instruction requires: AVX-512 ISA AVX-512 VL ISA
# vpxord %ymm0,%ymm0,%ymm0
# ^
# crypto/bn/rsaz-avx512.s:37:2: error: instruction requires: AVX-512 ISA AVX-512 VL ISA
# vmovdqa64 %ymm0,%ymm1
# ^
# crypto/bn/rsaz-avx512.s:38:2: error: instruction requires: AVX-512 ISA AVX-512 VL ISA
# vmovdqa64 %ymm0,%ymm16
# ^
# crypto/bn/rsaz-avx512.s:39:2: error: instruction requires: AVX-512 ISA AVX-512 VL ISA
# vmovdqa64 %ymm0,%ymm17
# ^
#-----------------------------------------------------------------------------------------
if {${os.platform} eq "darwin" && ${os.major} < 19} {
patchfiles-append patch-disable-avx512.diff
}
configure.ccache no
configure.perl /usr/bin/perl
configure.cmd ./Configure
configure.pre_args --prefix=${my_prefix}
configure.args -L${prefix}/lib \
--openssldir=${my_prefix}/etc/openssl \
shared \
zlib
# Use SDK if necessary.
if {${configure.sdkroot} ne ""} {
configure.args-append '-isysroot ${configure.sdkroot}' \
-Wl,-syslibroot,${configure.sdkroot}
}
set merger_arch_compiler no
array set merger_configure_args {
ppc darwin-ppc-cc
i386 darwin-i386-cc
ppc64 darwin64-ppc-cc
x86_64 darwin64-x86_64-cc
arm64 darwin64-arm64-cc
}
platform darwin {
# Don't use i386 assembly on Tiger (#38015, #43303).
if {${os.major} <= 8} {
append merger_configure_args(i386) { no-asm}
# https://trac.macports.org/ticket/58992
configure.args-append no-async
}
# Don't use x86-64 assembly on Tiger or Leopard.
if {${os.major} <= 9} {
append merger_configure_args(x86_64) { no-asm}
# OpenSSL requires Perl 5.10.0, while Leopard ships Perl 5.8.8
depends_build-append port:perl5
configure.perl ${prefix}/bin/perl5
}
}
# Don't pass --host to configure.
array set merger_host {ppc {} i386 {} ppc64 {} x86_64 {} arm64 {}}
if {(!${universal_possible} || ![variant_isset universal])
&& [info exists merger_configure_args(${configure.build_arch})]} {
configure.args-append $merger_configure_args(${configure.build_arch})
}
configure.universal_args-delete --disable-dependency-tracking
# https://github.com/openssl/openssl/issues/16551
# Fixes "Undefined symbols for architecture i386: ___atomic_is_lock_free"
if {(${configure.build_arch} eq "i386") || (${universal_possible} && [variant_isset universal] && "i386" in ${configure.universal_archs})} {
configure.args-append -DBROKEN_CLANG_ATOMICS
}
test.run yes
pre-destroot {
if {[variant_exists universal] && [variant_isset universal]} {
global merger_dont_diff
if {[llength ${universal_archs_to_use}] > 2} {
lappend merger_dont_diff ${prefix}/include/openssl/opensslconf.h
}
}
}
post-destroot {
# Create some links to main prefix
xinstall -d ${destroot}${prefix}/include/${my_name}
xinstall -d ${destroot}${prefix}/lib/${my_name}
ln -s ${my_prefix}/include/openssl ${destroot}/${prefix}/include/${my_name}/
foreach l [glob -tails -directory ${destroot}${my_prefix}/lib *] {
ln -s ${my_prefix}/lib/${l} ${destroot}/${prefix}/lib/${my_name}/${l}
}
foreach b [glob -tails -directory ${destroot}${my_prefix}/bin *] {
ln -s ${my_prefix}/bin/${b} ${destroot}/${prefix}/bin/${b}-${major_v}
}
# shared/man dir seems to still end up in ${prefix} and not libexec...
move ${destroot}${prefix}/share/man ${destroot}/${my_prefix}/share/
# Create link to certs from curl-ca-bundle in install prefix
ln -s ${prefix}/share/curl/curl-ca-bundle.crt ${destroot}${my_prefix}/etc/openssl/cert.pem
}
destroot.args MANDIR=${prefix}/share/man MANSUFFIX=ssl
variant rfc3779 description {enable RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers} {
configure.args-append enable-rfc3779
}
variant fips description {enable FIPS} {
configure.args-append enable-fips
}
variant legacy description {enable legacy providers by default} {
# See https://trac.macports.org/ticket/63857 for context
post-destroot {
set cnf [open ${destroot}${my_prefix}/etc/openssl/openssl.cnf a]
puts ${cnf} ""
puts ${cnf} "# MacPorts additions to enable legacy providers by default"
puts ${cnf} "\[openssl_init\]"
puts ${cnf} "providers = provider_sect"
puts ${cnf} "\[provider_sect\]"
puts ${cnf} "default = default_sect"
puts ${cnf} "legacy = legacy_sect"
puts ${cnf} "\[default_sect\]"
puts ${cnf} "activate = 1"
puts ${cnf} "\[legacy_sect\]"
puts ${cnf} "activate = 1"
close ${cnf}
}
}
default_variants-append +legacy
livecheck.type regex
livecheck.url [lindex ${master_sites} 0]
livecheck.regex openssl-(${major_v}.\[0-9.\]+\[a-z\]?)\\.tar\\.gz