initial buildroot for linux 5.15

This commit is contained in:
Huan.Feng
2021-12-06 14:12:13 +08:00
parent d7767d594e
commit 7b6fc358fa
12736 changed files with 508822 additions and 0 deletions
@@ -0,0 +1,33 @@
From d8f104bffb0c4acb8c5fcdf49628f7d02ed48f7f Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 16 May 2015 18:53:51 +0200
Subject: [PATCH] Dont waste time building manpages if we're not going to use
em.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
[Gustavo: update for parallel-build]
[rebased on openssl-1.1.0h]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[rebased on openssl-1.1.1i]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
Configurations/unix-Makefile.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 40cf2c3..777d9ca 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -491,7 +491,7 @@ list-tests:
@echo "Tests are not supported with your chosen Configure options"
@ : {- output_on() if !$disabled{tests}; "" -}
-install: install_sw install_ssldirs install_docs
+install: install_sw install_ssldirs
uninstall: uninstall_docs uninstall_sw
--
2.16.3
@@ -0,0 +1,29 @@
From b70be8c65365a8fc564226360d45adbbb29fc0af Mon Sep 17 00:00:00 2001
From: Peter Seiderer <ps.report@gmx.net>
Date: Tue, 24 Oct 2017 16:58:32 +0200
Subject: [PATCH] Reproducible build: do not leak compiler path
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Rebased on openssl-1.1.1.a]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
crypto/build.info | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/build.info b/crypto/build.info
index 2c619c6..49ca6ab 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
DEPEND[cversion.o]=buildinf.h
-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$$(basename $(CC)) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
DEPEND[buildinf.h]=../configdata.pm
GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
--
2.20.1
@@ -0,0 +1,27 @@
From 1281ffc7959bd2070563e17a52ee4424196d885c Mon Sep 17 00:00:00 2001
From: Patrick Havelange <patrick.havelange@essensium.com>
Date: Wed, 23 Jan 2019 12:21:21 +0100
Subject: [PATCH] Introduce the OPENSSL_NO_MADVISE to disable call to madvise()
Upstream: https://github.com/openssl/openssl/pull/8089
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
---
crypto/mem_sec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 9e0f670..32c7282 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -485,7 +485,7 @@ static int sh_init(size_t size, int minsize)
if (mlock(sh.arena, sh.arena_size) < 0)
ret = 2;
#endif
-#ifdef MADV_DONTDUMP
+#if defined(MADV_DONTDUMP) && !defined(OPENSSL_NO_MADVISE)
if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
ret = 2;
#endif
--
2.17.1
@@ -0,0 +1,37 @@
From b57cc2e4ee21babacbffc243626de72c248068ea Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sun, 5 May 2019 18:30:55 +0200
Subject: [PATCH] Configure: use ELFv2 ABI on some ppc64 big endian systems
If _CALL_ELF is defined to be 2, it's an ELFv2 system.
Conditionally switch to the v2 perlasm scheme.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8883)
[vfazio: fixup for 1.1.1d]
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
[rebased on openssl-1.1.1i]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
Configure | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Configure b/Configure
index 5a699836f3..f9152b1702 100755
--- a/Configure
+++ b/Configure
@@ -1417,6 +1417,10 @@ my %predefined_CXX = $config{CXX}
? compiler_predefined($config{CROSS_COMPILE}.$config{CXX})
: ();
+if ($target eq "linux-ppc64" && !$disabled{asm}) {
+ $target{perlasm_scheme} = "linux64v2" if ($predefined_C{_CALL_ELF} == 2);
+}
+
# Check for makedepend capabilities.
if (!$disabled{makedepend}) {
if ($config{target} =~ /^(VC|vms)-/) {
--
2.25.0
@@ -0,0 +1,64 @@
From 07a0bbdd179a52907485fd793f0df31c097447af Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sun, 5 May 2019 18:25:50 +0200
Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is a big endian ELFv2 configuration. ELFv2 was already being
used for little endian, and big endian was traditionally ELFv1
but there are practical configurations that use ELFv2 with big
endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8883)
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
---
crypto/perlasm/ppc-xlate.pl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
index d220c6245b..eec82b8d48 100755
--- a/crypto/perlasm/ppc-xlate.pl
+++ b/crypto/perlasm/ppc-xlate.pl
@@ -49,7 +49,7 @@ my $globl = sub {
/osx/ && do { $name = "_$name";
last;
};
- /linux.*(32|64le)/
+ /linux.*(32|64(le|v2))/
&& do { $ret .= ".globl $name";
if (!$$type) {
$ret .= "\n.type $name,\@function";
@@ -80,7 +80,7 @@ my $globl = sub {
};
my $text = sub {
my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
- $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64le/);
+ $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/);
$ret;
};
my $machine = sub {
@@ -186,7 +186,7 @@ my $vmr = sub {
# Some ABIs specify vrsave, special-purpose register #256, as reserved
# for system use.
-my $no_vrsave = ($flavour =~ /aix|linux64le/);
+my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/);
my $mtspr = sub {
my ($f,$idx,$ra) = @_;
if ($idx == 256 && $no_vrsave) {
@@ -318,7 +318,7 @@ while($line=<>) {
if ($label) {
my $xlated = ($GLOBALS{$label} or $label);
print "$xlated:";
- if ($flavour =~ /linux.*64le/) {
+ if ($flavour =~ /linux.*64(le|v2)/) {
if ($TYPES{$label} =~ /function/) {
printf "\n.localentry %s,0\n",$xlated;
}
--
2.25.0
@@ -0,0 +1,61 @@
From 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@wdc.com>
Date: Thu, 29 Aug 2019 13:56:21 -0700
Subject: [PATCH] Add support for io_pgetevents_time64 syscall
32-bit architectures that are y2038 safe don't include syscalls that use
32-bit time_t. Instead these architectures have suffixed syscalls that
always use a 64-bit time_t. In the case of the io_getevents syscall the
syscall has been replaced with the io_pgetevents_time64 syscall instead.
This patch changes the io_getevents() function to use the correct
syscall based on the avaliable syscalls and the time_t size. We will
only use the new 64-bit time_t syscall if the architecture is using a
64-bit time_t. This is to avoid having to deal with 32/64-bit
conversions and relying on a 64-bit timespec struct on 32-bit time_t
platforms. As of Linux 5.3 there are no 32-bit time_t architectures
without __NR_io_getevents. In the future if a 32-bit time_t architecture
wants to use the 64-bit syscalls we can handle the conversion.
This fixes build failures on 32-bit RISC-V.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9819)
---
engines/e_afalg.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index dacbe358cb..99516cb1bb 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
struct io_event *events,
struct timespec *timeout)
{
+#if defined(__NR_io_getevents)
return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
+#elif defined(__NR_io_pgetevents_time64)
+ /* Let's only support the 64 suffix syscalls for 64-bit time_t.
+ * This simplifies the code for us as we don't need to use a 64-bit
+ * version of timespec with a 32-bit time_t and handle converting
+ * between 64-bit and 32-bit times and check for overflows.
+ */
+ if (sizeof(timeout->tv_sec) == 8)
+ return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
+ else {
+ errno = ENOSYS;
+ return -1;
+ }
+#else
+# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
+#endif
}
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
--
2.25.1
@@ -0,0 +1,98 @@
From e5499a3cac1e823c3e0697e8667e952317b70cc8 Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@wdc.com>
Date: Thu, 4 Mar 2021 12:10:11 -0500
Subject: [PATCH] Fixup support for io_pgetevents_time64 syscall
This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
"Add support for io_pgetevents_time64 syscall" that didn't correctly
work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V.
For a full discussion of the issue see:
https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14432)
---
engines/e_afalg.c | 55 ++++++++++++++++++++++++++++++++++++-----------
1 file changed, 42 insertions(+), 13 deletions(-)
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index 9480d7c24b..4e9d67db2d 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -124,27 +124,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
return syscall(__NR_io_submit, ctx, n, iocb);
}
+/* A version of 'struct timespec' with 32-bit time_t and nanoseconds. */
+struct __timespec32
+{
+ __kernel_long_t tv_sec;
+ __kernel_long_t tv_nsec;
+};
+
static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
struct io_event *events,
struct timespec *timeout)
{
+#if defined(__NR_io_pgetevents_time64)
+ /* Check if we are a 32-bit architecture with a 64-bit time_t */
+ if (sizeof(*timeout) != sizeof(struct __timespec32)) {
+ int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events,
+ timeout, NULL);
+ if (ret == 0 || errno != ENOSYS)
+ return ret;
+ }
+#endif
+
#if defined(__NR_io_getevents)
- return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
-#elif defined(__NR_io_pgetevents_time64)
- /* Let's only support the 64 suffix syscalls for 64-bit time_t.
- * This simplifies the code for us as we don't need to use a 64-bit
- * version of timespec with a 32-bit time_t and handle converting
- * between 64-bit and 32-bit times and check for overflows.
- */
- if (sizeof(timeout->tv_sec) == 8)
- return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
+ if (sizeof(*timeout) == sizeof(struct __timespec32))
+ /*
+ * time_t matches our architecture length, we can just use
+ * __NR_io_getevents
+ */
+ return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
else {
- errno = ENOSYS;
- return -1;
+ /*
+ * We don't have __NR_io_pgetevents_time64, but we are using a
+ * 64-bit time_t on a 32-bit architecture. If we can fit the
+ * timeout value in a 32-bit time_t, then let's do that
+ * and then use the __NR_io_getevents syscall.
+ */
+ if (timeout && timeout->tv_sec == (long)timeout->tv_sec) {
+ struct __timespec32 ts32;
+
+ ts32.tv_sec = (__kernel_long_t) timeout->tv_sec;
+ ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec;
+
+ return syscall(__NR_io_getevents, ctx, min, max, events, ts32);
+ } else {
+ return syscall(__NR_io_getevents, ctx, min, max, events, NULL);
+ }
}
-#else
-# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
#endif
+
+ errno = ENOSYS;
+ return -1;
}
static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
--
2.25.1
+138
View File
@@ -0,0 +1,138 @@
if BR2_PACKAGE_LIBOPENSSL
# 4xx PowerPC cores seem to have trouble with openssl's ASM
# optimizations
config BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH_LINUX_PPC
bool
default y if BR2_powerpc
depends on !BR2_powerpc_401
depends on !BR2_powerpc_403
depends on !BR2_powerpc_405
depends on !BR2_powerpc_405fp
depends on !BR2_powerpc_440
depends on !BR2_powerpc_440fp
config BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH
string
# Doesn't work for thumb-only (Cortex-M?)
default "linux-armv4" if BR2_ARM_CPU_HAS_ARM
default "linux-aarch64" if BR2_aarch64
default "linux-ppc" if BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH_LINUX_PPC
default "linux-ppc64" if BR2_powerpc64
default "linux-ppc64le" if BR2_powerpc64le
default "linux-x86" if BR2_i386
default "linux-x86_64" if BR2_x86_64
# no-asm is needed with generic architectures such as
# linux-generic{32,64}, see
# https://github.com/openssl/openssl/issues/9839
default "linux-generic64 no-asm" if BR2_ARCH_IS_64 && !BR2_MIPS_NABI32
default "linux-generic32 no-asm"
config BR2_PACKAGE_LIBOPENSSL_BIN
bool "openssl binary"
help
Install the openssl binary and the associated helper scripts
to the target file system. This is a command line tool for
doing various cryptographic stuff.
config BR2_PACKAGE_LIBOPENSSL_ENGINES
bool "openssl additional engines"
help
Install additional encryption engine libraries.
config BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA
bool "enable CHACHA"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5
bool "enable RC5"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2
bool "enable RC2"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4
bool "enable RC4"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD2
bool "enable MD2"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4
bool "enable MD4"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_MDC2
bool "enable MDC2"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_BLAKE2
bool "enable BLAKE2"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_IDEA
bool "enable IDEA"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SEED
bool "enable SEED"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_DES
bool "enable DES"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160
bool "enable RMD160"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_WHIRLPOOL
bool "enable WHIRLPOOL"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH
bool "enable BLOWFISH"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL
bool "enable SSL"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL2
bool "enable SSL2"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL3
bool "enable SSL3"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_WEAK_SSL
bool "enable WEAK_SSL"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_PSK
bool "enable mode PSK"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST
bool "enable mode CAST"
default y
config BR2_PACKAGE_LIBOPENSSL_UNSECURE
bool "enable unit test, debug, backtrace"
default y
help
Enable unit-test crypto-mdebug-backtrace
crypto-mdebug autoerrinit mode.
config BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE
bool "enable dynamic engine"
default y
config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP
bool "enable compression"
default y
endif # BR2_PACKAGE_LIBOPENSSL
+5
View File
@@ -0,0 +1,5 @@
# From https://www.openssl.org/source/openssl-1.1.1l.tar.gz.sha256
sha256 0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1 openssl-1.1.1l.tar.gz
# License files
sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE
+181
View File
@@ -0,0 +1,181 @@
################################################################################
#
# libopenssl
#
################################################################################
LIBOPENSSL_VERSION = 1.1.1l
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
LIBOPENSSL_LICENSE_FILES = LICENSE
LIBOPENSSL_INSTALL_STAGING = YES
LIBOPENSSL_DEPENDENCIES = zlib
HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH))
LIBOPENSSL_CFLAGS = $(TARGET_CFLAGS)
LIBOPENSSL_PROVIDES = openssl
LIBOPENSSL_CPE_ID_VENDOR = $(LIBOPENSSL_PROVIDES)
LIBOPENSSL_CPE_ID_PRODUCT = $(LIBOPENSSL_PROVIDES)
ifeq ($(BR2_m68k_cf),y)
# relocation truncated to fit: R_68K_GOT16O
LIBOPENSSL_CFLAGS += -mxgot
# resolves an assembler "out of range error" with blake2 and sha512 algorithms
LIBOPENSSL_CFLAGS += -DOPENSSL_SMALL_FOOTPRINT
endif
ifeq ($(BR2_USE_MMU),)
LIBOPENSSL_CFLAGS += -DHAVE_FORK=0 -DOPENSSL_NO_MADVISE
endif
ifeq ($(BR2_PACKAGE_HAS_CRYPTODEV),y)
LIBOPENSSL_DEPENDENCIES += cryptodev
endif
# fixes the following build failures:
#
# - musl
# ./libcrypto.so: undefined reference to `getcontext'
# ./libcrypto.so: undefined reference to `setcontext'
# ./libcrypto.so: undefined reference to `makecontext'
#
# - uclibc:
# crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name 'ucontext_t'
#
ifeq ($(BR2_TOOLCHAIN_USES_MUSL),y)
LIBOPENSSL_CFLAGS += -DOPENSSL_NO_ASYNC
endif
ifeq ($(BR2_TOOLCHAIN_HAS_UCONTEXT),)
LIBOPENSSL_CFLAGS += -DOPENSSL_NO_ASYNC
endif
define HOST_LIBOPENSSL_CONFIGURE_CMDS
(cd $(@D); \
$(HOST_CONFIGURE_OPTS) \
./config \
--prefix=$(HOST_DIR) \
--openssldir=$(HOST_DIR)/etc/ssl \
no-tests \
no-fuzz-libfuzzer \
no-fuzz-afl \
shared \
zlib-dynamic \
)
$(SED) "s#-O[0-9sg]#$(HOST_CFLAGS)#" $(@D)/Makefile
endef
define LIBOPENSSL_CONFIGURE_CMDS
(cd $(@D); \
$(TARGET_CONFIGURE_ARGS) \
$(TARGET_CONFIGURE_OPTS) \
./Configure \
$(LIBOPENSSL_TARGET_ARCH) \
--prefix=/usr \
--openssldir=/etc/ssl \
$(if $(BR2_TOOLCHAIN_HAS_LIBATOMIC),-latomic) \
$(if $(BR2_TOOLCHAIN_HAS_THREADS),threads,no-threads) \
$(if $(BR2_STATIC_LIBS),no-shared,shared) \
$(if $(BR2_PACKAGE_HAS_CRYPTODEV),enable-devcryptoeng) \
no-rc5 \
enable-camellia \
enable-mdc2 \
no-tests \
no-fuzz-libfuzzer \
no-fuzz-afl \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA),,no-chacha) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5),,no-rc5) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2),,no-rc2) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4),,no-rc4) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD2),,no-md2) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4),,no-md4) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MDC2),,no-mdc2) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_BLAKE2),,no-blake2) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_IDEA),,no-idea) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SEED),,no-seed) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_DES),,no-des) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160),,no-rmd160) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_WHIRLPOOL),,no-whirlpool) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH),,no-bf) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL),,no-ssl) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL2),,no-ssl2) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL3),,no-ssl3) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_WEAK_SSL),,no-weak-ssl-ciphers) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PSK),,no-psk) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST),,no-cast) \
$(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug-backtrace no-crypto-mdebug no-autoerrinit) \
$(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \
$(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
$(if $(BR2_STATIC_LIBS),no-dso) \
)
$(SED) "s#-march=[-a-z0-9] ##" -e "s#-mcpu=[-a-z0-9] ##g" $(@D)/Makefile
$(SED) "s#-O[0-9sg]#$(LIBOPENSSL_CFLAGS)#" $(@D)/Makefile
$(SED) "s# build_tests##" $(@D)/Makefile
endef
# libdl is not available in a static build, and this is not implied by no-dso
ifeq ($(BR2_STATIC_LIBS),y)
define LIBOPENSSL_FIXUP_STATIC_MAKEFILE
$(SED) 's#-ldl##g' $(@D)/Makefile
endef
LIBOPENSSL_POST_CONFIGURE_HOOKS += LIBOPENSSL_FIXUP_STATIC_MAKEFILE
endif
define HOST_LIBOPENSSL_BUILD_CMDS
$(HOST_MAKE_ENV) $(MAKE) -C $(@D)
endef
define LIBOPENSSL_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)
endef
define LIBOPENSSL_INSTALL_STAGING_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) install
endef
define HOST_LIBOPENSSL_INSTALL_CMDS
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) install
endef
define LIBOPENSSL_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
rm -rf $(TARGET_DIR)/usr/lib/ssl
rm -f $(TARGET_DIR)/usr/bin/c_rehash
endef
# libdl has no business in a static build
ifeq ($(BR2_STATIC_LIBS),y)
define LIBOPENSSL_FIXUP_STATIC_PKGCONFIG
$(SED) 's#-ldl##' $(STAGING_DIR)/usr/lib/pkgconfig/libcrypto.pc
$(SED) 's#-ldl##' $(STAGING_DIR)/usr/lib/pkgconfig/libssl.pc
$(SED) 's#-ldl##' $(STAGING_DIR)/usr/lib/pkgconfig/openssl.pc
endef
LIBOPENSSL_POST_INSTALL_STAGING_HOOKS += LIBOPENSSL_FIXUP_STATIC_PKGCONFIG
endif
ifeq ($(BR2_PACKAGE_PERL),)
define LIBOPENSSL_REMOVE_PERL_SCRIPTS
$(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.pl,tsget}
endef
LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_PERL_SCRIPTS
endif
ifeq ($(BR2_PACKAGE_LIBOPENSSL_BIN),)
define LIBOPENSSL_REMOVE_BIN
$(RM) -f $(TARGET_DIR)/usr/bin/openssl
$(RM) -f $(TARGET_DIR)/etc/ssl/misc/{CA.*,c_*}
endef
LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_BIN
endif
ifneq ($(BR2_PACKAGE_LIBOPENSSL_ENGINES),y)
define LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
rm -rf $(TARGET_DIR)/usr/lib/engines-1.1
endef
LIBOPENSSL_POST_INSTALL_TARGET_HOOKS += LIBOPENSSL_REMOVE_LIBOPENSSL_ENGINES
endif
$(eval $(generic-package))
$(eval $(host-generic-package))