#----------------------------------------------------------------------------
# build_libssl.txt - how to build the libssl binaries and create folder and packages
#
# Creation : 2010-01-23 holbru
# Last update: $Id$
#
# !!! this is not a script but an step-by-step howto !!!
#------------------------------------------------------------------------------
exit 1
### download the source code from the internet, e.g.
# http://www.openssl.org/source
# libssl-0.9.8l.tar.gz
### extract file in a temporary location
tar -xzvf libssl-0.9.8l.tar.gz
cd libssl-0.9.8l
included the CVE-2009-4355 patch
# 2010-04-12 -> openssl-0.9.8n
# 2010-11-19 -> openssl-0.9.8p
# 2010-12-07 -> openssl-0.9.8q
# 2011-02-12 -> openssl-0.9.8r
# 2011-02-12 -> openssl-1.0.0d
# 2011-09-07 -> openssl-1.0.0e
# 2011-12-15 -> openssl-1.0.0e rebuild with 'zlib' not 'zlib-dynamic' (jed)
# 2012-01-06 -> openssl-0.9.8s
# 2012-01-06 -> openssl-1.0.0f
# 2012-01-24 -> openssl-0.9.8t
# 2012-01-24 -> openssl-1.0.0g
# 2012-03-18 -> openssl-0.9.8u
# 2012-03-18 -> openssl-1.0.0h
# 2012-04-25 -> openssl-0.9.8w
# 2012-04-25 -> openssl-1.0.0i
# 2012-05-11 -> openssl-0.9.8x
# 2012-05-11 -> openssl-1.0.0j
# 2012-12-09 -> openssl-0.9.8x LibC-2.8
# 2012-12-09 -> openssl-1.0.1c LibC-2.8
# 2013-02-06 -> openssl-0.9.8y
# 2013-02-06 -> openssl-1.0.1d
# 2013-03-09 -> openssl-1.0.1e
# 2013-04-29 -> openssl-fips-2.0.3
# 2013-04-29 -> openssl-1.0.1e mit fips-2.0.3
# 2013-06-29 -> openssl-fips-2.0.5
# 2013-06-29 -> openssl-1.0.1e mit fips-2.0.5 LibC-2.11.3
# 2013-07-29 rebuild with ld-2.22
# 2014-01-11 -> openssl-fips-2.0.5
# 2014-01.11 -> openssl-1.0.1f mit fips-2.0.5
# 2014-03-18 -> openssl-0.9.8x
# 2014.03-18 -> openssl-1.0.1f mit fips
# build with rpm Suse Factory
# libopenssl0_9_8-0.9.8x-8.2.src.rpm
# openssl-1.0.1f-2.1.src.rpm
# 2014-04-08 -> openssl-1.0.1g
# build with rpm suse Factory
# openssl-1.0.1g-211.1.src.rpm
# 2014-05-03 -> openssl-1.0.1g-5.1
# build with rpm Suese Factory
# openssl-1.0.1g-5.1.src.rpm
# 2014-05-24 -> openssl-1.0.1g-8.1
# build with rpm Suse factory
# openssl-1.0.1g-8.1.src.rpm
# 2014-06-05 -> openssl-1.0.1h-229.1
# build with rpm Suse Factory
# openssl-1.0.1h-229.1.src.rpm
# 2014-08-23 -> openssl-1.0.1i-239.2
# build with rpm Suse Factory
# openssl-1.0.1i-239.2.src.rpm
# 2014-10-23 -> openssl-1.0.1j-242.1
# build with rpm Suse Factory
# openssl-1.0.1j-242.1.src.rpm
# 2014-12-16 -> openssl-1.0.1j-245.2
# build with rpm Suse Fatory
# openssl-1.0.1j-245.2.src.rpm
# enable-tlsext
# 2015-01-09 -> openssl-1.0.1k-248.1
# build with rmp Suse Factory
# openssl-1.0.1k-248.1.src.rpm
# 2015-03-20 -> openssl-1.0.1k-257.1
# build dwith rpm Suse factory
# openssl-1.0.1k-257.1.src.rpm
# 2015-03-20 -> openssl-0.9.8zf
# build with rpm
# libopenssl0_9_8-0.9.8zf-9.2.src.rpm
# 2015-03-27 -> openssl-1.0.1k-259.1
# rebuild with rpm Suse
# openssl-1.0.1k-259.1.src.rpm
# 2015-06-12 -> opensl-1.0.2b-261.1
# build with rpm Suse
# openssl-1.0.2b-261.1.src.rpm
# 2015-06-13 -> openssl-1.0.2c
# build with rpm Suse
# openssl-1.0.2c-262.1.src.rpm
# 2015-07-09 -a openssl-1.0.2d
# build with rpm Suse
# openssl-1.0.2d-266.1.src.rpm
# 2015-12-05 -> openssl-1.0.2e
# build with rpm Suse
# opensl-1.0.2e-269.1.src.rpm
# 2015-12-05 -> libopenssl-0.9.8zh
# build with rpm
# libopenssl0_9_8-0.9.8zh-2.2.src.rpm
# 2016-01-29 -> openssl-1.0.2f
# build with rpm Suse
# openssl-1.0.2f-271.1.src.rpm
# 2016-05-04 -> openssl-1.0.2h
# build with rpm suse
# openssl-1.0.2h-278.1.src.rpm
# 2016-05-07 -> opensl-1.0.2h
# rebuild with rpm Suse
# added patch a1eef75 from openssl git
# openssl-1.0.2h-278.2.src.rpm
# hbfl
# 2016-09-24 -> openssl-1.0.2i
# build with rpm Suse
# openssl-1.0.2i-279.27.src.rpm
# hbfl
# 2016-09-27 -> openssl-1.0.2j
# build with rpm Suse
# openssl-1.0.2j-281.1.src.rpm
# hbfl
# 2017-01-28 -> libopenssl0_9_8
# build with rmp Suse
# libopenssl0_9_8-0.9.8zh-9.6.1.src.rpm
# splitout in single package
# build only for security, deprecated
# 2017-01-28 -> openssl-1.0.2k
# build with rpm suse
# openssl-1.0.2k-288.12.src.rpm
# hbfl
# 2017-06-05 -> openssl-1.0.2l
# build with rpm suse
# openssl-1_0_0-1.0.2l-15.3.src.rpm
# splitout openssl
# hbfl
# 2017-06-05 -> openssl-1.1.0f
# build with rpm Suse
# openssl-1_1_0-1.1.0f-1.1.src.rpm
# hbfl
# 2017-11-05 -> openssl-1.0.2m
# build with rpm suse
# openssl-1_0_0-1.0.2m-38.1.src.rpm
# hbfl
# 2017-12-10 -> openssl-1.0.2n
# build with rpm Suse
# openssl-1_0_0-1.0.2n-42.1.src.rpm
# hbfl
# 2017-12-21 -> openssl-1.0.2n glibc-2.22
# build with rpm SUSE
# openssl-1_0_0-1.0.2n-42.1.src.rpm
# hbfl
# 2018-03_28 -> openssl-1_1-1.1.0h
# build with rpm Suse
# openssl-1_1-1.1.0h-9.1.src.rpm
# hbfl
# 2018-08_14 -> openssl-1_1-1.1.0i
# 2018-08-15 -> openssl-1_0_0-1.0.2p
# build with rpm Suse
# openssl-1_1-1.1.0i-22.1.src.rpm
# openssl-1_0_0-1.0.2p-48.1.src.rpm
# hbfl
# 2018-11-21 -> openssl-1_0_0-1.0.2q
# 2018-11-21 -> openssl-1_1-1.1.0j
# build with rpm Suse
# openssl-1_0_0-1.0.2q-50.1.src.rpm
# openssl-1_1-1.1.0j-22.1.src.rpm
# hbfl
# 2019-03-02 -> openssl-1_0_0-1.0.2r
# 2019-03-02 -> openssl-1_1-1.1.1b
# build with rpm Suse
# openssl-1_0_0-1.0.2r-54.1.src.rpm
# openssl-1_1-1.1.1b-34.1.src.rpm
# hbfl
# 2019-05-30 -> openssl-1_1-1.1.1c
# build with rpm Suse
# openssl-1_1-1.1.1c-40.1.src.rpm
# hbfl
# 2019-09-13 -> openssl-1_1-1.1.1d
# build with rpm Suse
# openssl-1_1-1.1.1d-46.1.src.rpm
# zurueckgezogen
# hbfl
# 2019-10-23 -> openssl-1_0_0-1.0.2t
# build with rpm Suse
# openssl-1_0_0-1.0.2t-1.1.src.rpm
# hbfl
# 2019-11-23 -> openssl-1_1-1.1.1d
# build with rpm Suse
# openssl-1_1-1.1.1d-1.1.src.rpm
# hbfl
# 2019-12-28 -> openssl-1_0_0-1.0.2u
# build with rpm Suse
# openssl-1_0_0-1.0.2u-1.2.src.rpm
# openssl-1_1-1.1.1d-2.1.src.rpm
# hbfl
# 2020-04-03 -> openssl-1_1-1.1.1d
# rebuild with rpm Suse -> gcc-9.2.1 -> glibc-2.31
# openssl-1_1-1.1.1d-1.2.src.rpm
# hbfl
# 2020-07-14 -> openssl-1_1-1.1.1g
# rebuild with rpm Suse
# openssl-1_1-1.1.1g-2.11.src.rpm
# hbfl
# 2020-09-05 -> openssl-1_1-1.1.1g
# rebuild with rpm Suse
# openssl-1_1-1.1.1g-2.13.src.rpm
# hbfl
# 2020-10-24 -> openssl-1_1-1.1.1h
# build with rpm Suse
# openssl-1_1-1.1.1h-1.1.src.rpm
# hbfl
# 2020-10-25 - openssl-1_0_0-1.0.2u
# build with rpm Suse
# openssl-1_0_0-1.0.2u-3.1.src.rpm
# hbfl
# 2021-03-08 -> openssl-1_1-1.1.1j
# build with rpm Suse
# openssl-1_1-1.1.1j-1.1.src.rpm
# hbfl
# 2021-04-10 -> openssl-1_1-1.1.1k
# build with rpm Suse
# openssl-1_1-1.1.1k-1.1.src.rpm
# hbfl
# 2021-06-06 -> openssl-1_1-1.1.1k
# rebuild with rpm Suse -> gcc-10 -> glibc-2.33
# openssl-1_1-1.1.1k-2.12.src.rpm
# hbfl
# 2021-08-31 -> openssl-1_1-1.1.1l
# build with rpm Suse
# openssl-1_1-1.1.1l-1.1.src.rpm
# hbfl
# 2022-01-08 -> openssl-1_0_0-1.0.2u
# rebuild with rpm Suse -> gcc-10 -> glibc-2.33
# openssl-1_0_0-1.0.2u-6.3.src.rpm
# create link to engines from engines-1.0
# hbfl
# 2022-01-12 -> openssl-1_1-1.1.1m
# build with rpm Suse
# openssl-1_1-1.1.1m-1.2.src.rpm
# hbfl
# 2022-04-02 -> openssl-1_1-1.1.1n
# build with rpm Suse
# openssl-1_1-1.1.1n-1.1.src.rpm
# create openssl-1_1 with update-alternatives to openssl
# hbfl
# 2022-06-29 -> openssl-1_1-1.1.1p
# build with rpm Suse
# openssl-1_1-1.1.1p-1.1.src.rpm
# remove c_rehash
# hbfl
# 2022-07-10 -> openssl-1_1-1.1.1q
# build with rpm Suse
# openssl-1_1-1.1.1q-1.1.src.rpm
# hbfl
# 2022-11-06 -> openssl-1_1-1.1.1s
# build with rpm Suse
# openssl-1_1-1.1.1s-1.1.src.rpm
# hbfl
# 2023-03-03 -> openssl-1_1-1.1.ts
# build with rpm Suse
# openssl-1_1-1.1.1t-1.1.src.rpm
# hbfl
# 2023-03-03 -> openssl-1_0_0-1.0.2u
# rebuild with rpm Suse
# openssl-1_0_0-1.0.2u-13.1.src.rpm
# create link to engines from engines-1.0
# hbfl
# 2023-03-28 -> openssl-3-3.0.8
# build with rpm Suse -> gcc-12 -> glibc-2.37
# openssl-3-3.0.8-2.4.src.rpm
# !!!configure bearbeiten!!!
# --with-rand-seed=devrandom,getrandom
# hbfl
# 2023-06-20 -> openssl-3-3.1.1
# 2023-06-20 -> openssl-1_1-1.1.1u
# 2023-06-20 -> openssl-1_0_0-1.0.2u
# build with rpm Suse
# openssl-3-3.1.1-1.2.src.rpm
# openssl-1_1-1.1.1u-1.1.src.rpm
# openssl-1_0_0-1.0.2u-17.1.src.rpm
# create link to engines from engines-1.0
# hbfl
# 2023-08-06 -> openssl-3-3.1.2
# 2023-08-06 -> openssl-1_1-1.1.1v
# 2023-08-06 -> openssl-1_0_0-1.0.2u
# build with rpm Suse
# openssl-3-3.1.2-1.1.src.rpm
# openssl-1_1-1.1.1v-1.1.src.rpm
# openssl-1_0_0-1.0.2u-21.1.src.rpm
# create link to engines from engines-1.0
# hbfl
# 2023-09-20 -> openssl-1_1-1.1.1w
# build with rpm Suse
# openssl-1_1-1.1.1w-1.1.src.rpm
# hbfl
# 2023-10-02 -> openssl-3-3.1.3
# build with rpm Suse
# openssl-3-3.1.3-1.2.src.rpm
# 2023-10-10 -> openssl-1_0_0-1.0.2u
# build with rpm Suse
# openssl-1_0_0-1.0.2u-22.2.src.rpm
# create link to engines from engines-1.0
# hbfl
# 2023-10-31 -> openssl-3-3.1.4
# build with rpm Suse
# openssl-3-3.1.4-1.1.src.rpm
# alte version entfernen
# hbfl
# 2024-03-20 -> openssl-3-3.1.4
# rebuild with rpm Suse
# openssl-3-3.1.4-5.1.src.rpm
# alte version entfernen
# hbfl
# 2024-05-11 -> openssl-1_0_0-1.0.2u
# 2024-05-11 -> openssl-1_1-1.1.1w
# 2024-05-11 -> openssl-3-3.1.4
# rebuild with rpm Suse
# openssl-1_0_0-1.0.2u-25.2.src.rpm
# create link to engines from engines-1.0
# openssl-1_1-1.1.1w-9.1.src.rpm
# openssl-3-3.1.4-6.1.src.rpm
# openssl-3 alte version entfernen
# hbfl
# 2024-06-08 -> openssl-3-3.1.4
# rebuild with rpm Suse
# openssl-3-3.1.4-9.1.src.rpm
# drop entry for livepatching
# hbfl
# 2024-08-05 -> openssl-3-3.1.4
# rebuild with rpm Suse
# openssl-3-3.1.4-11.1.src.rpm
# drop entry for livepatching
# hbfl
# 2024-09-11 -> openssl-3-3.1.4
# rebuild with rpm Suse
# openssl-3-3.1.4-13.1.src.rpm
# drop entry for livepatching
# 32er build 1 test entfernt, failed
# rm test/recipes/90-test_sslapi.t
# hbfl
# 2024-09-11 -> openssl-1_1-1.1.1w
# rebuild with rpm Suse
# openssl-1_1-1.1.1w-11.1.src.rpm
# hbfl
# 2024-10-23 -> openssl-3-3.1.4
# rebuild with rpm Suse
# openssl-3-3.1.4-15.1.src.rpm
# drop entry for livepatching
# 32er build 1 test entfernt, failed
# rm test/recipes/90-test_sslapi.t
# without relase, repo overfull
# hbfl
# 2024-11-06 -> openssl-3-3.1.7
# rebuild with rpm Suse
# openssl-3-3.1.7-1.1.src.rpm
# drop entry for livepatching
# 32er build 1 test entfernt, failed
# rm test/recipes/90-test_sslapi.t
# hbfl
# 2024-12-01 -> openssl-3-3.2.3
# rebuild with rpm Suse
# openssl-3-3.2.3-2.1.src.rpm
# drop entry for livepatching
# drop %{pack_ipa_dumps}
# 32er build 1 test entfernt, failed
# rm test/recipes/90-test_sslapi.t
# hbfl
# 2025-01-30 -> openssl-3-3.2.3
# rebuild with rpm Suse
# openssl-3-3.2.3-4.1.src.rpm
# drop entry for livepatching
# drop %{pack_ipa_dumps}
# 32er build 1 test entfernt, failed
# rm test/recipes/90-test_sslapi.t
# hbfl
# 2025-02-18 -> openssl-3-3.2.4
# build with rpm Suse
# openssl-3-3.2.4-1.1.src.rpm
# change entrys to
## Enable userspace livepatching.
#%define livepatchable 0
## Define ulp-macros macros as empty
#%define cflags_livepatching %nil
# hbfl
# 2025-03-15 -> openssl-3-3.2.4
# rebuild with rpm Suse -> gcc-14 -> glibc-2.41
# openssl-3-3.2.4-2.1.src.rpm
# hbfl
# 2025-05-07 -> openssl-3-3.5.0
# build with rpm Suse
# openssl-3-5.0-1.1.src.rpm
# drop %{pack_ipa_dumps}
# 32er build 1 test entfernt, failed
# rm test/recipes/90-test_sslapi.t
# Try this to give more verbose output for a specific test failure:
# make TESTS=test_bio_dgram V=1 test
# after strip, build the hmac checksumm new
# install fipscheck
#
# fipshmac $libname
# old version
# fips_standalone_hmac \
libssl.so.1.1 > .libssl.so.1.1.hmac
# fips_standalone_hmac \
libcrypto.so.1.1 > .libcrypto.so.1.1.hmac
### build
export CFLAGS='-O2 -march=i486'
export CXXFLAGS="${CFLAGS}"
# 2013-04-29 -> openssl-fips-2.0.3
# 2013-06-29 -> openssl-fips-2.0.5
# 2013-07-29 -> openssl-fips-2.0.5 rebuild with ld-2.22
./config
make
make install
# installiert nach
# /usr/local/ssl/fips-2.0
# wird nur als build source benoetigt
Configured for linux-elf.
WARNING: OpenSSL has been configured to generate a fipscanister.o object module.
That compiled module is NOT FIPS 140-2 validated or suitable for use in
satisfying a requirement for the use of FIPS 140-2 validated cryptography
UNLESS the requirements of the Security Policy are followed exactly (see
http://openssl.org/docs/fips/ or http://csrc.nist.gov/cryptval/).
This is the OpenSSL FIPS 2.0 module.
# 2013-04-29 -> OpenSSL build mit fips
# 2013-06-29 -> OpenSSL build mit fips
# 2013-07-29 -> OpenSSL build mit fips rebuild with ld-2.22
./config \
fips \
--openssldir=/etc/ssl \
--prefix=/usr \
shared \
zlib
make
make test
make INSTALL_PREFIX=/public/lib/openssl/1.0.1f-fips install
# strip files/binarys
for filename in `find /public/lib/openssl/1.0.1e-fips/usr/{bin/*,lib/*.so.*,lib/engines/*} -type f`
do
echo $filename
strip -R .note -R .comment "$filename"
done
# copy files
cp *** <svn-root>/lib/libssl/bin_**_libssl_0_9_8l/***
#---------------------------------------------------------------------------
create folder
Um die Folder im Hauptverszeichnis zu erstellen gibt es das Script 'libssl-folder.sh'
unter libssl/_ADMIN/
mit
libssl-folder.sh -v 0.9.8l -w create
wird die folder Struktur fuer die lib Version 0.9.8l erstellt
nun koennen die files aus dem compilat eingefuegt werden.
mit
libssl-folder.sh -v 0.9.8l -w add
wird ein svn add auf die erzeugten Folder durchgefuehrt.
mit
libssl-folder.sh -v 0.9.8l -w list
wird fuer jeden Folder die files-list.txt erzeugt, add muss zwingend
vorher ausgefuehrt worden sein
mit
libssl-folder.sh -v 0.9.8l -w ci
erfolgt der commit der erzeugten Folder
In den eis und eis_dev Foldern muessen keine Anpassungen vorgenommen werden.
Diese Anpassungen erfolgen beim packen der packages durch mktarball.sh
mit den _do_ Scripten unter _ADMIN automatisch.
In den Pack-Scripten unter _ADMIN muss dann noch die Pfadangabe geaendert werden,
auf den soeben erzeugten Pfad und ein commit ausgefuehrt werden.
Nach dem checkout auf eisler koennen nun die packages erzeugt werden.
die wichtigsten Parameter fuer mktarball.sh sind dann
-setdate now
-setversion ${version}
mktarball.sh - home -setdate now -setversion [version angeben] libssl libssl-dev
duch die Angabe von -home werden die packages in die
Folder Struktur /home/user/public_html/packages/ kopiert und koennen von da
direkt auf Pack-Eis geladen werden.
wichtig ist noch, dass unbedingt die 'lib' Version zuerst gebaut werden muss, da fuer
die 'dev' Version Informationen aus der 'lib' Info Datei gelesen werden.