openwrt/package/libs/openssl/engine.mk

ENGINES_DIR=engines-1.1

define Package/openssl/engine/Default
  SECTION:=libs
  CATEGORY:=Libraries
  SUBMENU:=SSL
  DEPENDS:=libopenssl @OPENSSL_ENGINE +libopenssl-conf
endef

# 1 = engine name
# 2 - package name, defaults to libopenssl-$(1)
define Package/openssl/add-engine
  OSSL_ENG_PKG:=$(if $(2),$(2),libopenssl-$(1))
  Package/$$(OSSL_ENG_PKG)/conffiles:=/etc/ssl/engines.cnf.d/$(1).cnf

  define Package/$$(OSSL_ENG_PKG)/install
	$$(INSTALL_DIR)  $$(1)/usr/lib/$(ENGINES_DIR)
	$$(INSTALL_BIN)  $$(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/$(1).so \
			 $$(1)/usr/lib/$(ENGINES_DIR)
	$$(INSTALL_DIR)  $$(1)/etc/ssl/engines.cnf.d
	$$(INSTALL_DATA) ./files/$(1).cnf $$(1)/etc/ssl/engines.cnf.d/
  endef

  define Package/$$(OSSL_ENG_PKG)/postinst :=
#!/bin/sh
# $$$$1 == non-empty: suggest reinstall
error_out() {
    [ "$1" ] && cat <<- EOF
	Reinstalling the libopenssl-conf package may fix this:

	    opkg install --force-reinstall libopenssl-conf
	EOF
    cat <<- EOF

	Then, you will have to reinstall this package, and any other engine package you have
	you have previously installed to ensure they are enabled:

	    opkg install --force-reinstall $$(OSSL_ENG_PKG) [OTHER_ENGINE_PKG]...

	EOF
    exit 1
}
ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"
OPENSSL_CNF="$$$${IPKG_INSTROOT}/etc/ssl/openssl.cnf"
if [ ! -f "$$$${OPENSSL_CNF}" ]; then
    echo -e "ERROR: File $$$${OPENSSL_CNF} not found."
    error_out reinstall
fi
if ! grep -q "^.include /etc/ssl/engines.cnf.d" "$$$${OPENSSL_CNF}"; then
    cat <<- EOF
	Your /etc/ssl/openssl.cnf file is not loading engine configuration files from
	/etc/ssl/engines.cnf.d.  You should consider start with a fresh, updated OpenSSL config by
	running:

	    opkg install --force-reinstall --force-maintainer libopenssl-conf

	The above command will overwrite any changes you may have made to both /etc/ssl/openssl.cnf
	and /etc/ssl/engines.cnf.d/engines.cnf files, so back them up first!
	EOF
    error_out
fi
if [ ! -f "$$$${ENGINES_CNF}" ]; then
    echo "Can't configure $$(OSSL_ENG_PKG): File $$$${ENGINES_CNF} not found."
    error_out reinstall
fi
if grep -q "$(1)=$(1)" "$$$${ENGINES_CNF}"; then
    echo "$$(OSSL_ENG_PKG): $(1) engine was already configured.  Nothing to be done."
else
    echo "$(1)=$(1)" >> "$$$${ENGINES_CNF}"
    echo "$$(OSSL_ENG_PKG): $(1) engine enabled.  All done!"
fi
  endef

  define Package/$$(OSSL_ENG_PKG)/prerm :=
#!/bin/sh
ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"
[ -f "$$$${ENGINES_CNF}" ] || exit 0
sed -e '/$(1)=$(1)/d' -i "$$$${ENGINES_CNF}"
  endef
endef
openssl: configure engine packages during install This enables an engine during its package's installation, by adding it to the engines list in /etc/ssl/engines.cnf.d/engines.cnf. The engine build system was reworked, with the addition of an engine.mk file that groups some of the engine packages' definitions, and could be used by out of tree engines as well. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2022-02-21 00:09:29 +00:00			`ENGINES_DIR=engines-1.1`

			`define Package/openssl/engine/Default`
			`SECTION:=libs`
			`CATEGORY:=Libraries`
			`SUBMENU:=SSL`
			`DEPENDS:=libopenssl @OPENSSL_ENGINE +libopenssl-conf`
			`endef`

			`# 1 = engine name`
			`# 2 - package name, defaults to libopenssl-$(1)`
			`define Package/openssl/add-engine`
			`OSSL_ENG_PKG:=$(if $(2),$(2),libopenssl-$(1))`
			`Package/$$(OSSL_ENG_PKG)/conffiles:=/etc/ssl/engines.cnf.d/$(1).cnf`

			`define Package/$$(OSSL_ENG_PKG)/install`
			`$$(INSTALL_DIR) $$(1)/usr/lib/$(ENGINES_DIR)`
			`$$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/$(1).so \`
			`$$(1)/usr/lib/$(ENGINES_DIR)`
			`$$(INSTALL_DIR) $$(1)/etc/ssl/engines.cnf.d`
			`$$(INSTALL_DATA) ./files/$(1).cnf $$(1)/etc/ssl/engines.cnf.d/`
			`endef`

			`define Package/$$(OSSL_ENG_PKG)/postinst :=`
			`#!/bin/sh`
			`# $$$$1 == non-empty: suggest reinstall`
			`error_out() {`
			`[ "$1" ] && cat <<- EOF`
			`Reinstalling the libopenssl-conf package may fix this:`

			`opkg install --force-reinstall libopenssl-conf`
			`EOF`
			`cat <<- EOF`

			`Then, you will have to reinstall this package, and any other engine package you have`
			`you have previously installed to ensure they are enabled:`

			`opkg install --force-reinstall $$(OSSL_ENG_PKG) [OTHER_ENGINE_PKG]...`

			`EOF`
			`exit 1`
			`}`
			`ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"`
			`OPENSSL_CNF="$$$${IPKG_INSTROOT}/etc/ssl/openssl.cnf"`
			`if [ ! -f "$$$${OPENSSL_CNF}" ]; then`
			`echo -e "ERROR: File $$$${OPENSSL_CNF} not found."`
			`error_out reinstall`
			`fi`
			`if ! grep -q "^.include /etc/ssl/engines.cnf.d" "$$$${OPENSSL_CNF}"; then`
			`cat <<- EOF`
			`Your /etc/ssl/openssl.cnf file is not loading engine configuration files from`
			`/etc/ssl/engines.cnf.d. You should consider start with a fresh, updated OpenSSL config by`
			`running:`

			`opkg install --force-reinstall --force-maintainer libopenssl-conf`

			`The above command will overwrite any changes you may have made to both /etc/ssl/openssl.cnf`
			`and /etc/ssl/engines.cnf.d/engines.cnf files, so back them up first!`
			`EOF`
			`error_out`
			`fi`
			`if [ ! -f "$$$${ENGINES_CNF}" ]; then`
			`echo "Can't configure $$(OSSL_ENG_PKG): File $$$${ENGINES_CNF} not found."`
			`error_out reinstall`
			`fi`
			`if grep -q "$(1)=$(1)" "$$$${ENGINES_CNF}"; then`
			`echo "$$(OSSL_ENG_PKG): $(1) engine was already configured. Nothing to be done."`
			`else`
			`echo "$(1)=$(1)" >> "$$$${ENGINES_CNF}"`
			`echo "$$(OSSL_ENG_PKG): $(1) engine enabled. All done!"`
			`fi`
			`endef`

			`define Package/$$(OSSL_ENG_PKG)/prerm :=`
			`#!/bin/sh`
			`ENGINES_CNF="$$$${IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"`
			`[ -f "$$$${ENGINES_CNF}" ] \|\| exit 0`
			`sed -e '/$(1)=$(1)/d' -i "$$$${ENGINES_CNF}"`
			`endef`
			`endef`