Skip to content

Instantly share code, notes, and snippets.

@vincentbernat
Created October 8, 2011 11:05
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save vincentbernat/1272151 to your computer and use it in GitHub Desktop.
Patch for backporting OpenSSL 1.0.0e from Oneiric to Lucid.
diff -Naur openssl-1.0.0e/debian/changelog openssl-1.0.0e.new/debian/changelog
--- openssl-1.0.0e/debian/changelog 2011-09-27 18:16:34.000000000 +0200
+++ openssl-1.0.0e.new/debian/changelog 2011-09-30 16:25:48.000000000 +0200
@@ -1,3 +1,9 @@
+openssl (1.0.0e-2ubuntu2~bpohebex1) lucid; urgency=low
+
+ * Backport to Lucid: drop multi-arch support.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 30 Sep 2011 16:24:40 +0200
+
openssl (1.0.0e-2ubuntu2) oneiric; urgency=low
* Unapply patch c_rehash-multi and comment it out in the series as it breaks
diff -Naur openssl-1.0.0e/debian/control openssl-1.0.0e.new/debian/control
--- openssl-1.0.0e/debian/control 2011-09-15 21:05:04.000000000 +0200
+++ openssl-1.0.0e.new/debian/control 2011-09-30 16:24:47.000000000 +0200
@@ -1,5 +1,5 @@
Source: openssl
-Build-Depends: debhelper (>= 8.1.3), zlib1g-dev, m4, bc
+Build-Depends: debhelper (>= 7.4.15), zlib1g-dev, m4, bc
Section: utils
Priority: optional
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
diff -Naur openssl-1.0.0e/debian/libssl1.0.0.files openssl-1.0.0e.new/debian/libssl1.0.0.files
--- openssl-1.0.0e/debian/libssl1.0.0.files 2011-09-15 21:05:04.000000000 +0200
+++ openssl-1.0.0e.new/debian/libssl1.0.0.files 2011-10-03 14:17:25.000000000 +0200
@@ -1,5 +1,5 @@
+lib/*.so.*.*.*
lib/*/*.so.*.*.*
-lib/*/*/*.so.*.*.*
-lib/*/i686/cmov/*.so.*.*.*
-usr/lib/*/*.so.*.*.*
-usr/lib/*/openssl-1.0.0/engines
+lib/i686/cmov/*.so.*.*.*
+usr/lib/*.so.*.*.*
+usr/lib/openssl-1.0.0/engines
diff -Naur openssl-1.0.0e/debian/libssl-dev.files openssl-1.0.0e.new/debian/libssl-dev.files
--- openssl-1.0.0e/debian/libssl-dev.files 2011-09-15 21:05:04.000000000 +0200
+++ openssl-1.0.0e.new/debian/libssl-dev.files 2011-10-03 14:18:06.000000000 +0200
@@ -1,6 +1,6 @@
-usr/lib/*/libssl.so
-usr/lib/*/libcrypto.so
-usr/lib/*/libssl.a
-usr/lib/*/libcrypto.a
-usr/lib/*/pkgconfig
+usr/lib/libssl.so
+usr/lib/libcrypto.so
+usr/lib/libssl.a
+usr/lib/libcrypto.a
+usr/lib/pkgconfig
usr/include
diff -Naur openssl-1.0.0e/debian/rules openssl-1.0.0e.new/debian/rules
--- openssl-1.0.0e/debian/rules 2011-09-15 21:05:04.000000000 +0200
+++ openssl-1.0.0e.new/debian/rules 2011-09-30 16:57:53.000000000 +0200
@@ -19,8 +19,6 @@
DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH)
DEB_HOST_ARCH_OS = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
-DEB_HOST_MULTIARCH=$(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-
DEB_HOST_GNU_TYPE=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
DEB_BUILD_GNU_TYPE=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
@@ -31,7 +29,7 @@
MAKE_TEST=make test
endif
-CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2
+CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2
OPT_alpha = ev4 ev5
ARCHOPTS = OPT_$(DEB_HOST_ARCH)
OPTS = $($(ARCHOPTS))
@@ -124,23 +122,23 @@
# pic static libraries, nobody should need them
# mv debian/tmp/usr/lib/libcrypto.a debian/tmp/usr/lib/libcrypto_pic.a
# mv debian/tmp/usr/lib/libssl.a debian/tmp/usr/lib/libssl_pic.a
- cp -pf libcrypto.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.a
- cp -pf libssl.static debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.a
+ cp -pf libcrypto.static debian/tmp/usr/lib/libcrypto.a
+ cp -pf libssl.static debian/tmp/usr/lib/libssl.a
# move runtime libraries to /lib
- install -d debian/tmp/lib/$(DEB_HOST_MULTIARCH)
- mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/lib*.so.* debian/tmp/lib/$(DEB_HOST_MULTIARCH)
- ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so
- ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so
+ install -d debian/tmp/lib
+ mv debian/tmp/usr/lib/lib*.so.* debian/tmp/lib
+ ln -sf /lib/$$(readlink debian/tmp/usr/lib/libcrypto.so) debian/tmp/usr/lib/libcrypto.so
+ ln -sf /lib/$$(readlink debian/tmp/usr/lib/libssl.so) debian/tmp/usr/lib/libssl.so
ifneq ($(DEB_HOST_ARCH_OS),hurd)
# leave symlinks behind due to rpath in old versions
- for x in debian/tmp/lib/$(DEB_HOST_MULTIARCH)/lib*.so.*; do ln -s /lib/$(DEB_HOST_MULTIARCH)/$$(basename $$x) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$$(basename $$x); done
+ for x in debian/tmp/lib/lib*.so.*; do ln -s /lib/$$(basename $$x) debian/tmp/usr/lib/$$(basename $$x); done
endif
mkdir -p debian/tmp/etc/ssl
mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/
ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/
- cp -pf debian/tmp/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto1.0.0-udeb/lib/
- cp -pf debian/tmp/lib/$(DEB_HOST_MULTIARCH)/libssl.so.* debian/libssl1.0.0-udeb/lib/
- for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/lib/$(DEB_HOST_MULTIARCH)/$$opt; cp -auv $$opt/lib*.so* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/$$opt/; done
+ cp -pf debian/tmp/lib/libcrypto.so.* debian/libcrypto1.0.0-udeb/lib/
+ cp -pf debian/tmp/lib/libssl.so.* debian/libssl1.0.0-udeb/lib/
+ for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/lib/$$opt; cp -auv $$opt/lib*.so* debian/tmp/lib/$$opt/; done
install debian/copyright debian/libssl1.0.0/usr/share/doc/libssl1.0.0/
install debian/changelog debian/libssl1.0.0/usr/share/doc/libssl1.0.0/changelog.Debian
install debian/copyright debian/libssl-dev/usr/share/doc/libssl-dev/
@@ -166,7 +164,7 @@
dpkg-gensymbols -Pdebian/libssl1.0.0/ -plibssl1.0.0 -c4
dh_makeshlibs -a -V "libssl1.0.0 (>= 1.0.0)" --add-udeb="libcrypto1.0.0-udeb"
sed -i '/^udeb: libssl/s/libcrypto1.0.0-udeb/libssl1.0.0-udeb/' debian/libssl1.0.0/DEBIAN/shlibs
- dh_shlibdeps -a -L libssl1.0.0 -l debian/libssl1.0.0/lib/$(DEB_HOST_MULTIARCH)
+ dh_shlibdeps -a -L libssl1.0.0 -l debian/libssl1.0.0/lib
dh_gencontrol -a
dh_installdeb -a
dh_md5sums -a
@theflow
Copy link

theflow commented Feb 2, 2012

Hi Vincent,

thanks a lot for this patch! However, the libssl built with this patch seems to be missing any engines:

lb1-staging:~/ssl# openssl engine -v -t
(dynamic) Dynamic engine loading support
[ unavailable ]
SO_PATH, NO_VCHECK, ID, LIST_ADD, DIR_LOAD, DIR_ADD, LOAD

whereas the lucid supplied version has aesni available.

Any idea how to enable that?

@vincentbernat
Copy link
Author

Hi !

Did you also apply this patch on top of 1.0.0e-2ubuntu2 or did you use some other version?

@theflow
Copy link

theflow commented Feb 8, 2012

I followed the steps you outlined here: http://www.mail-archive.com/haproxy@formilux.org/msg06137.html

I got it working now by running configure/make install instead of building a deb and then statically linking stud with that version. Weird.

@vincentbernat
Copy link
Author

vincentbernat commented Feb 8, 2012 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment