package/libs/openssl/engine.mk

   1 ENGINES_DIR=engines-1.1
   2
   3 define Package/openssl/engine/Default
   4   SECTION:=libs
   5   CATEGORY:=Libraries
   6   SUBMENU:=SSL
   7   DEPENDS:=libopenssl @OPENSSL_ENGINE +libopenssl-conf
   8 endef
   9
  10 # 1 = engine name
  11 # 2 - package name, defaults to libopenssl-$(1)
  12 define Package/openssl/add-engine
  13   OSSL_ENG_PKG:=$(if $(2),$(2),libopenssl-$(1))
  14   Package/$$(OSSL_ENG_PKG)/conffiles:=/etc/ssl/engines.cnf.d/$(1).cnf
  15
  16   define Package/$$(OSSL_ENG_PKG)/install
  17         $$(INSTALL_DIR)  $$(1)/usr/lib/$(ENGINES_DIR)
  18         $$(INSTALL_BIN)  $$(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/$(1).so \
  19                          $$(1)/usr/lib/$(ENGINES_DIR)
  20         $$(INSTALL_DIR)  $$(1)/etc/ssl/engines.cnf.d
  21         $$(INSTALL_DATA) ./files/$(1).cnf $$(1)/etc/ssl/engines.cnf.d/
  22   endef
  23
  24   define Package/$$(OSSL_ENG_PKG)/postinst :=
  25 #!/bin/sh
  26 # $$$$1 == non-empty: suggest reinstall
  27 error_out() {
  28     [ "$1" ] && cat <<- EOF
  29         Reinstalling the libopenssl-conf package may fix this:
  30
  31             opkg install --force-reinstall libopenssl-conf
  32         EOF
  33     cat <<- EOF
  34
  35         Then, you will have to reinstall this package, and any other engine package you have
  36         you have previously installed to ensure they are enabled:
  37
  38             opkg install --force-reinstall $$(OSSL_ENG_PKG) [OTHER_ENGINE_PKG]...
  39
  40         EOF
  41     exit 1
  42 }
  43 ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"
  44 OPENSSL_CNF="$$$${IPKG_INSTROOT}/etc/ssl/openssl.cnf"
  45 if [ ! -f "$$$${OPENSSL_CNF}" ]; then
  46     echo -e "ERROR: File $$$${OPENSSL_CNF} not found."
  47     error_out reinstall
  48 fi
  49 if ! grep -q "^.include /etc/ssl/engines.cnf.d" "$$$${OPENSSL_CNF}"; then
  50     cat <<- EOF
  51         Your /etc/ssl/openssl.cnf file is not loading engine configuration files from
  52         /etc/ssl/engines.cnf.d.  You should consider start with a fresh, updated OpenSSL config by
  53         running:
  54
  55             opkg install --force-reinstall --force-maintainer libopenssl-conf
  56
  57         The above command will overwrite any changes you may have made to both /etc/ssl/openssl.cnf
  58         and /etc/ssl/engines.cnf.d/engines.cnf files, so back them up first!
  59         EOF
  60     error_out
  61 fi
  62 if [ ! -f "$$$${ENGINES_CNF}" ]; then
  63     echo "Can't configure $$(OSSL_ENG_PKG): File $$$${ENGINES_CNF} not found."
  64     error_out reinstall
  65 fi
  66 if grep -q "$(1)=$(1)" "$$$${ENGINES_CNF}"; then
  67     echo "$$(OSSL_ENG_PKG): $(1) engine was already configured.  Nothing to be done."
  68 else
  69     echo "$(1)=$(1)" >> "$$$${ENGINES_CNF}"
  70     echo "$$(OSSL_ENG_PKG): $(1) engine enabled.  All done!"
  71 fi
  72   endef
  73
  74   define Package/$$(OSSL_ENG_PKG)/prerm :=
  75 #!/bin/sh
  76 ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"
  77 [ -f "$$$${ENGINES_CNF}" ] || exit 0
  78 sed -e '/$(1)=$(1)/d' -i "$$$${ENGINES_CNF}"
  79   endef
  80 endef
  81
  82