|
1 # |
|
2 # CDDL HEADER START |
|
3 # |
|
4 # The contents of this file are subject to the terms of the |
|
5 # Common Development and Distribution License (the "License"). |
|
6 # You may not use this file except in compliance with the License. |
|
7 # |
|
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 # or http://www.opensolaris.org/os/licensing. |
|
10 # See the License for the specific language governing permissions |
|
11 # and limitations under the License. |
|
12 # |
|
13 # When distributing Covered Code, include this CDDL HEADER in each |
|
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 # If applicable, add the following below this CDDL HEADER, with the |
|
16 # fields enclosed by brackets "[]" replaced with your own identifying |
|
17 # information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 # |
|
19 # CDDL HEADER END |
|
20 # |
|
21 # Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. |
|
22 # |
|
23 |
|
24 Build Layout |
|
25 --- |
|
26 |
|
27 OpenSSL build is run three times. Once for 1.0.0 non-fips, once for 0.9.8 |
|
28 fips-140, and once for 0.9.8 FIPS-140 canister (in the openssl-fips component) |
|
29 needed to build 0.9.8 FIPS-140 certified libraries. All builds are done for 32 |
|
30 and 64 bits. So, in total, OpenSSL is built six times. |
|
31 |
|
32 See also comments in all three Makefiles for more information. |
|
33 |
|
34 The non-fips Build. |
|
35 --- |
|
36 |
|
37 The non-fips build is the main build of OpenSSL and includes the regular |
|
38 binaries, libraries, man pages, and header files. |
|
39 |
|
40 Patches |
|
41 --- |
|
42 |
|
43 08-6193522.patch |
|
44 Give CA.pl better defaults. See 6193522 for more information. |
|
45 |
|
46 11-6546806.patch |
|
47 Make sure the HMAC_CTX_init(3) man page gets delivered. See 6546806 for |
|
48 more information. |
|
49 |
|
50 14-manpage_openssl.patch |
|
51 Force openssl to install man pages into man[1357]openssl instead of man[1357]. |
|
52 |
|
53 15-pkcs11_engine-0.9.8a.patch |
|
54 Patch which adds the pkcs11 engine. See also the pkcs11-engine/ |
|
55 sub-directory. |
|
56 |
|
57 18-compiler_opts.patch |
|
58 Adds four Solaris specific configurations (both 32bit and 64bit for both sparc |
|
59 and x86) to Configure which are then explicitly used by the Makefiles. |
|
60 |
|
61 Care should be taken if modifying this patch as changes to compile-time options |
|
62 can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR. |
|
63 |
|
64 20-remove_rpath.patch |
|
65 Prevent build binaries having an unnecessary runpath (/lib). |
|
66 |
|
67 23-noexstack.patch |
|
68 Build with non-executable stacks and non-executable data (x86). |
|
69 |
|
70 27-6978791.patch |
|
71 Modifies Makefile.shared so that libssl is built with -znodelete. |
|
72 |
|
73 28-enginesdir.patch |
|
74 Adds a new "enginesdir" option to the Configure script which allows a user to |
|
75 specify the engines directory. |
|
76 |
|
77 29-devcrypto_engine.patch |
|
78 Modifies engines/Makefile so that the devcrypto engine will be built in the |
|
79 "engines" directory. |
|
80 |
|
81 opensslconf.patch |
|
82 Modifies opensslconf.h so that it is suitable for both 32bit and 64bit installs. |
|
83 OpenSSL either builds for 32bit or 64bit - it doesn't allow for combined 32bit |
|
84 and 64bit builds. |
|
85 |
|
86 The fips Build |
|
87 --- |
|
88 |
|
89 FIPS-140 certified libraries for Solaris private use. We wait for OpenSSL 1.0.0 |
|
90 to be FIPS-140 certified in which time we can ship only 1.0.0 with S11 and make |
|
91 it a public interface. |
|
92 |
|
93 Patches |
|
94 --- |
|
95 |
|
96 All the patches from 1.0.0 are used in 0.9.8 as well aside from |
|
97 14-manpage_openssl.patch which is not needed since we do not deliver 0.9.8 man |
|
98 pages. Additional patches: |
|
99 |
|
100 01-7009105.patch |
|
101 Fixing a bug introduces in 0.9.8q and fixed in 0.9.8r. |
|
102 |
|
103 sparc-01-ccwrap.patch |
|
104 Workaround so that fingerprinting the canister during runtime and comparing it |
|
105 with the saved fingerprint works correctly. |