# OpenSSL - a toolkit implementing SSL v2/v3 and TLS v1 protocols as
#           well as a full-strength general purpose cryptography
#           library.
# http://www.openssl.org/

[buildout]
extends =
  ../ca-certificates/buildout.cfg
  ../coreutils/buildout.cfg
  ../patch/buildout.cfg
  ../perl/buildout.cfg
  ../zlib/buildout.cfg

parts =
  openssl-output

[openssl-common]
recipe = slapos.recipe.cmmi
shared = true
location = @@LOCATION@@
# 'prefix' option to override --openssldir/--prefix (which is useful
# when combined with DESTDIR). Used by slapos.package.git/obs
prefix = ${:location}
make-install-extra =
certs = ${:location}/etc/ssl/certs
configure-command = ./config
configure-options =
  --with-zlib-include=${zlib:location}/include
  --with-zlib-lib=${zlib:location}/lib
  --openssldir=${:prefix}/etc/ssl
  --prefix=${:prefix}
  --libdir=lib
  shared no-idea no-mdc2 no-rc5 zlib
  -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${:location}/lib
  && make depend
make-options =
  SHARED_LDFLAGS='-Wl,-rpath=${:location}/lib -Wl,-rpath=${zlib:location}/lib'
make-targets =
  -j1 install_sw install_ssldirs ${:make-install-extra} &&
  rm -f ${:certs}/* &&
  for i in ${ca-certificates:location}/certs/*/*.crt; do
    ln -sfv $i ${:certs}/`${:location}/bin/openssl x509 -hash -noout -in $i`.0
  ; done
patch-binary = ${patch:location}/bin/patch
patch-options = -p1
environment =
  PATH=${patch:location}/bin:${perl:location}/bin:%(PATH)s

[openssl-3.0]
<= openssl-common
url = https://github.com/openssl/openssl/releases/download/openssl-3.0.16/openssl-3.0.16.tar.gz
md5sum = 7b6a9cded21b9fa51877444f5defebd4

[openssl-quictls]
<= openssl-3.0
url = https://github.com/quictls/openssl/archive/refs/tags/openssl-3.3.0-quic1.tar.gz
md5sum = 6c473e0a07926a2634e03055870e8370

[openssl-1.1]
<= openssl-common
url = https://www.openssl.org/source/openssl-1.1.1w.tar.gz
md5sum = 3f76825f195e52d4b10c70040681a275
patches =
  ${:_profile_base_location_}/debian_1.1.1w-0+deb11u2.patch#a5418f03948cd2f60f49f2d0ecad3717

[openssl]
<= openssl-3.0

[openssl-output]
# Shared binary location to ease migration
recipe = plone.recipe.command
stop-on-error = true
update-command = ${:command}
command = ${coreutils-output:test} -x ${:openssl}
openssl = ${openssl:location}/bin/openssl
bin = ${openssl:location}

[openssl-1.0]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.openssl.org/source/openssl-1.0.2u.tar.gz
md5sum = cdc2638f789ecc2db2c91488265686c1
location = @@LOCATION@@
# 'prefix' option to override --openssldir/--prefix (which is useful
# when combined with INSTALL_PREFIX). Used by slapos.package.git/obs
prefix = ${:location}
patch-binary = ${patch:location}/bin/patch
patches =
  ${:_profile_base_location_}/openssl-nodoc.patch#a78c14908fe9ec624b1fb9fa97e01bb9
  ${:_profile_base_location_}/openssl-1.0.2d-parallel-build.patch#e4cf66a48a85a0da68fd4842e6fab54b
patch-options = -p1
configure-command = ./config
configure-options =
  -I${zlib:location}/include
  -L${zlib:location}/lib
  --openssldir=${:prefix}/etc/ssl
  --prefix=${:prefix}
  --libdir=lib
  shared no-idea no-mdc2 no-rc5 zlib
  -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${:location}/lib
  && make depend
make-options =
  SHARED_LDFLAGS='-Wl,-rpath=${:location}/lib -Wl,-rpath=${zlib:location}/lib'
make-targets =
  install_sw && x=${:location}/etc/ssl/certs && rm -f $x/* &&
  for i in ${ca-certificates:location}/certs/*/*.crt; do
    ln -sfv $i $x/`${:location}/bin/openssl x509 -hash -noout -in $i`.0
  ; done
environment =
  PERL=${perl:location}/bin/perl
