poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb - mdmillerii/openbmc - Gitiles

 SUMMARY = "Secure Socket Layer"
 DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
 HOMEPAGE = "http://www.openssl.org/"
 BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
 SECTION = "libs/network"

 # "openssl | SSLeay" dual license
 LICENSE = "openssl"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"

 DEPENDS = "hostperl-runtime-native"
 DEPENDS_append_class-target = " openssl-native"

 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
            file://openssl-c_rehash.sh \
            file://configure-targets.patch \
            file://shared-libs.patch \
            file://oe-ldflags.patch \
            file://engines-install-in-libdir-ssl.patch \
            file://debian1.0.2/block_diginotar.patch \
            file://debian1.0.2/block_digicert_malaysia.patch \
            file://debian/c_rehash-compat.patch \
            file://debian/debian-targets.patch \
            file://debian/man-dir.patch \
            file://debian/man-section.patch \
            file://debian/no-rpath.patch \
            file://debian/no-symbolic.patch \
            file://debian/pic.patch \
            file://debian1.0.2/version-script.patch \
            file://debian1.0.2/soname.patch \
            file://openssl_fix_for_x32.patch \
            file://openssl-fix-des.pod-error.patch \
            file://Makefiles-ptest.patch \
            file://ptest-deps.patch \
            file://ptest_makefile_deps.patch \
            file://configure-musl-target.patch \
            file://parallel.patch \
            file://Use-SHA256-not-MD5-as-default-digest.patch \
            file://0001-Fix-build-with-clang-using-external-assembler.patch \
            file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
            file://0001-allow-manpages-to-be-disabled.patch \
            file://0001-Fix-BN_LLONG-breakage.patch \
            file://0001-Fix-DES_LONG-breakage.patch \
            "

 SRC_URI_append_class-target = " \
            file://reproducible-cflags.patch \
            file://reproducible-mkbuildinf.patch \
            "

 SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "

 SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
 SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"

 S = "${WORKDIR}/openssl-${PV}"

 UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"

 inherit pkgconfig siteinfo multilib_header ptest manpages

 PACKAGECONFIG ?= "cryptodev-linux"
 PACKAGECONFIG_class-native = ""
 PACKAGECONFIG_class-nativesdk = ""

 PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
 PACKAGECONFIG[manpages] = ",,,"
 PACKAGECONFIG[perl] = ",,,"

 # Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
 # vulnerability
 EXTRA_OECONF = "no-ssl3"

 EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"

 export OE_LDFLAGS = "${LDFLAGS}"

 # openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
 CCACHE = ""

 TERMIO ?= "-DTERMIO"
 TERMIO_libc-musl = "-DTERMIOS"
 EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

 CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
          ${TERMIO} ${CFLAGS} -Wall"

 # Avoid binaries being marked as requiring an executable stack since they don't
 # (and it causes issues with SELinux)
 CFLAG += "-Wa,--noexecstack"

 CFLAG_append_class-native = " -fPIC"

 do_configure () {
 	# The crypto_use_bigint patch means that perl's bignum module needs to be
 	# installed, but some distributions (for example Fedora 23) don't ship it by
 	# default.  As the resulting error is very misleading check for bignum before
 	# building.
 	if ! perl -Mbigint -e true; then
 		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
 	fi

 	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/

 	os=${HOST_OS}
 	case $os in
 	linux-gnueabi |\
 	linux-gnuspe |\
 	linux-musleabi |\
 	linux-muslspe |\
 	linux-musl )
 		os=linux
 		;;
 	*)
 		;;
 	esac
 	target="$os-${HOST_ARCH}"
 	case $target in
 	linux-arm)
 		target=linux-armv4
 		;;
 	linux-armeb)
 		target=linux-elf-armeb
 		;;
 	linux-aarch64*)
 		target=linux-aarch64
 		;;
 	linux-sh3)
 		target=debian-sh3
 		;;
 	linux-sh4)
 		target=debian-sh4
 		;;
 	linux-i486)
 		target=debian-i386-i486
 		;;
 	linux-i586 | linux-viac3)
 		target=debian-i386-i586
 		;;
 	linux-i686)
 		target=debian-i386-i686/cmov
 		;;
 	linux-gnux32-x86_64 | linux-muslx32-x86_64 )
 		target=linux-x32
 		;;
 	linux-gnu64-x86_64)
 		target=linux-x86_64
 		;;
 	linux-gnun32-mips*el)
 		target=debian-mipsn32el
 		;;
 	linux-gnun32-mips*)
 		target=debian-mipsn32
 		;;
 	linux-mips*64*el)
 		target=debian-mips64el
 		;;
 	linux-mips*64*)
 		target=debian-mips64
 		;;
 	linux-mips*el)
 		target=debian-mipsel
 		;;
 	linux-mips*)
 		target=debian-mips
 		;;
 	linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
 		target=linux-generic32
 		;;
 	linux-powerpc)
 		target=linux-ppc
 		;;
 	linux-powerpc64)
 		target=linux-ppc64
 		;;
 	linux-riscv32)
 		target=linux-generic32
 		;;
 	linux-riscv64)
 		target=linux-generic64
 		;;
 	linux-sparc | linux-supersparc)
 		target=linux-sparcv8
 		;;
 	esac

 	# inject machine-specific flags
 	sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure

 	useprefix=${prefix}
 	if [ "x$useprefix" = "x" ]; then
 		useprefix=/
 	fi
 	libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
 	perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
 }

 do_compile () {
 	oe_runmake depend
 	oe_runmake
 }

 do_compile_class-target () {
 	sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
 	oe_runmake depend
 	cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
 	oe_runmake CC_INFO="$cc_sanitized"
 }

 do_compile_ptest () {
 	oe_runmake buildtest
 }

 do_install () {
 	# Create ${D}/${prefix} to fix parallel issues
 	mkdir -p ${D}/${prefix}/

 	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install

 	oe_libinstall -so libcrypto ${D}${libdir}
 	oe_libinstall -so libssl ${D}${libdir}

 	install -d ${D}${includedir}
 	cp --dereference -R include/openssl ${D}${includedir}

 	oe_multilib_header openssl/opensslconf.h

 	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
 	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash

 	if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
 		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
 		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
 	else
 		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
 	fi

 	# Create SSL structure for packages such as ca-certificates which
 	# contain hard-coded paths to /etc/ssl. Debian does the same.
 	install -d ${D}${sysconfdir}/ssl
 	mv ${D}${libdir}/ssl/certs \
 	   ${D}${libdir}/ssl/private \
 	   ${D}${libdir}/ssl/openssl.cnf \
 	   ${D}${sysconfdir}/ssl/

 	# Although absolute symlinks would be OK for the target, they become
 	# invalid if native or nativesdk are relocated from sstate.
 	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
 	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
 	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf

 	# Rename man pages to prefix openssl10-*
 	for f in `find ${D}${mandir} -type f`; do
 	    mv $f $(dirname $f)/openssl10-$(basename $f)
 	done
 	for f in `find ${D}${mandir} -type l`; do
 	    ln_f=`readlink $f`
 	    rm -f $f
 	    ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
 	done
 }

 do_install_append_class-native () {
 	create_wrapper ${D}${bindir}/openssl \
 	    OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
 	    SSL_CERT_DIR=${libdir}/ssl/certs \
 	    SSL_CERT_FILE=${libdir}/ssl/cert.pem \
 	    OPENSSL_ENGINES=${libdir}/ssl/engines
 }

 do_install_append_class-nativesdk () {
 	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
 	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
 }

 do_install_ptest () {
 	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}

 	# Replace the path to native perl with the path to target perl
 	sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile

 	cp Configure config e_os.h ${D}${PTEST_PATH}
 	cp -r -L include ${D}${PTEST_PATH}
 	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
 	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
 	mkdir -p ${D}${PTEST_PATH}/crypto
 	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
 	cp -r certs ${D}${PTEST_PATH}
 	mkdir -p ${D}${PTEST_PATH}/apps
 	ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
 	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
 	ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
 	cp apps/server.pem              ${D}${PTEST_PATH}/apps
 	cp apps/server2.pem             ${D}${PTEST_PATH}/apps
 	mkdir -p ${D}${PTEST_PATH}/util
 	install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
 	install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
 	# Time stamps are relevant for "make alltests", otherwise
 	# make may try to recompile binaries. Not only must the
 	# binary files be newer than the sources, they also must
 	# be more recent than the header files in /usr/include.
 	#
 	# Using "cp -a" is not sufficient, because do_install
 	# does not preserve the original time stamps.
 	#
 	# So instead of using the original file stamps, we set
 	# the current time for all files. Binaries will get
 	# modified again later when stripping them, but that's okay.
 	touch ${D}${PTEST_PATH}
 	find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}

 	# exclude binary files or the package won't install
 	for d in ssltest_old v3ext x509aux; do
 		rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
 	done

 	# Remove build host references
 	sed -i \
 	-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
 	-e 's|${DEBUG_PREFIX_MAP}||g' \
 	${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
 }

 # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
 # package RRECOMMENDS on this package. This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.

 PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"

 FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
 FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
 FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
 FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
 FILES_${PN}-misc = "${libdir}/ssl/misc"
 FILES_${PN} =+ "${libdir}/ssl/*"
 FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

 CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"

 RRECOMMENDS_libcrypto10 += "openssl10-conf"
 RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
 RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"

 BBCLASSEXTEND = "native nativesdk"
 PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"

 # openssl 1.0 development files and executable binaries clash with openssl 1.1
 # files when installed into target rootfs. So we don't put them into
 # packages, but they continue to be provided via target sysroot for
 # cross-compilation on the host, if some software still depends on openssl 1.0.
 openssl_package_preprocess () {
         for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
                 rm $file
         done
         rm ${PKGD}${bindir}/openssl
         rm ${PKGD}${bindir}/c_rehash
         rmdir ${PKGD}${bindir}

 }
	SUMMARY = "Secure Socket Layer"
	DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
	HOMEPAGE = "http://www.openssl.org/"
	BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
	SECTION = "libs/network"

	# "openssl \| SSLeay" dual license
	LICENSE = "openssl"
	LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"

	DEPENDS = "hostperl-runtime-native"
	DEPENDS_append_class-target = " openssl-native"

	SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
	file://run-ptest \
	file://openssl-c_rehash.sh \
	file://configure-targets.patch \
	file://shared-libs.patch \
	file://oe-ldflags.patch \
	file://engines-install-in-libdir-ssl.patch \
	file://debian1.0.2/block_diginotar.patch \
	file://debian1.0.2/block_digicert_malaysia.patch \
	file://debian/c_rehash-compat.patch \
	file://debian/debian-targets.patch \
	file://debian/man-dir.patch \
	file://debian/man-section.patch \
	file://debian/no-rpath.patch \
	file://debian/no-symbolic.patch \
	file://debian/pic.patch \
	file://debian1.0.2/version-script.patch \
	file://debian1.0.2/soname.patch \
	file://openssl_fix_for_x32.patch \
	file://openssl-fix-des.pod-error.patch \
	file://Makefiles-ptest.patch \
	file://ptest-deps.patch \
	file://ptest_makefile_deps.patch \
	file://configure-musl-target.patch \
	file://parallel.patch \
	file://Use-SHA256-not-MD5-as-default-digest.patch \
	file://0001-Fix-build-with-clang-using-external-assembler.patch \
	file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
	file://0001-allow-manpages-to-be-disabled.patch \
	file://0001-Fix-BN_LLONG-breakage.patch \
	file://0001-Fix-DES_LONG-breakage.patch \
	"

	SRC_URI_append_class-target = " \
	file://reproducible-cflags.patch \
	file://reproducible-mkbuildinf.patch \
	"

	SRC_URI_append_class-nativesdk = " \
	file://environment.d-openssl.sh \
	"

	SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
	SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"

	S = "${WORKDIR}/openssl-${PV}"

	UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"

	inherit pkgconfig siteinfo multilib_header ptest manpages

	PACKAGECONFIG ?= "cryptodev-linux"
	PACKAGECONFIG_class-native = ""
	PACKAGECONFIG_class-nativesdk = ""

	PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
	PACKAGECONFIG[manpages] = ",,,"
	PACKAGECONFIG[perl] = ",,,"

	# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
	# vulnerability
	EXTRA_OECONF = "no-ssl3"

	EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"

	export OE_LDFLAGS = "${LDFLAGS}"

	# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
	CCACHE = ""

	TERMIO ?= "-DTERMIO"
	TERMIO_libc-musl = "-DTERMIOS"
	EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"

	CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
	${TERMIO} ${CFLAGS} -Wall"

	# Avoid binaries being marked as requiring an executable stack since they don't
	# (and it causes issues with SELinux)
	CFLAG += "-Wa,--noexecstack"

	CFLAG_append_class-native = " -fPIC"

	do_configure () {
	# The crypto_use_bigint patch means that perl's bignum module needs to be
	# installed, but some distributions (for example Fedora 23) don't ship it by
	# default. As the resulting error is very misleading check for bignum before
	# building.
	if ! perl -Mbigint -e true; then
	bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
	fi

	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/

	os=${HOST_OS}
	case $os in
	linux-gnueabi \|\
	linux-gnuspe \|\
	linux-musleabi \|\
	linux-muslspe \|\
	linux-musl )
	os=linux
	;;
	*)
	;;
	esac
	target="$os-${HOST_ARCH}"
	case $target in
	linux-arm)
	target=linux-armv4
	;;
	linux-armeb)
	target=linux-elf-armeb
	;;
	linux-aarch64*)
	target=linux-aarch64
	;;
	linux-sh3)
	target=debian-sh3
	;;
	linux-sh4)
	target=debian-sh4
	;;
	linux-i486)
	target=debian-i386-i486
	;;
	linux-i586 \| linux-viac3)
	target=debian-i386-i586
	;;
	linux-i686)
	target=debian-i386-i686/cmov
	;;
	linux-gnux32-x86_64 \| linux-muslx32-x86_64 )
	target=linux-x32
	;;
	linux-gnu64-x86_64)
	target=linux-x86_64
	;;
	linux-gnun32-mips*el)
	target=debian-mipsn32el
	;;
	linux-gnun32-mips*)
	target=debian-mipsn32
	;;
	linux-mips64el)
	target=debian-mips64el
	;;
	linux-mips64)
	target=debian-mips64
	;;
	linux-mips*el)
	target=debian-mipsel
	;;
	linux-mips*)
	target=debian-mips
	;;
	linux-microblaze* \| linux-nios2* \| linux-gnuilp32* \| linux-arc*)
	target=linux-generic32
	;;
	linux-powerpc)
	target=linux-ppc
	;;
	linux-powerpc64)
	target=linux-ppc64
	;;
	linux-riscv32)
	target=linux-generic32
	;;
	linux-riscv64)
	target=linux-generic64
	;;
	linux-sparc \| linux-supersparc)
	target=linux-sparcv8
	;;
	esac

	# inject machine-specific flags
	sed -i -e "s\|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)\|\1:${CFLAG}\|g" Configure

	useprefix=${prefix}
	if [ "x$useprefix" = "x" ]; then
	useprefix=/
	fi
	libdirleaf="$( echo "${libdir}" \| sed "s:^$useprefix/*::" )"
	perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
	}

	do_compile () {
	oe_runmake depend
	oe_runmake
	}

	do_compile_class-target () {
	sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
	oe_runmake depend
	cc_sanitized=$(echo "${CC} ${CFLAG}" \| sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's\|${DEBUG_PREFIX_MAP}\|\|g' -e 's/[ \t]\+/ /g')
	oe_runmake CC_INFO="$cc_sanitized"
	}

	do_compile_ptest () {
	oe_runmake buildtest
	}

	do_install () {
	# Create ${D}/${prefix} to fix parallel issues
	mkdir -p ${D}/${prefix}/

	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install

	oe_libinstall -so libcrypto ${D}${libdir}
	oe_libinstall -so libssl ${D}${libdir}

	install -d ${D}${includedir}
	cp --dereference -R include/openssl ${D}${includedir}

	oe_multilib_header openssl/opensslconf.h

	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash

	if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
	sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
	sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
	else
	rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
	fi

	# Create SSL structure for packages such as ca-certificates which
	# contain hard-coded paths to /etc/ssl. Debian does the same.
	install -d ${D}${sysconfdir}/ssl
	mv ${D}${libdir}/ssl/certs \
	${D}${libdir}/ssl/private \
	${D}${libdir}/ssl/openssl.cnf \
	${D}${sysconfdir}/ssl/

	# Although absolute symlinks would be OK for the target, they become
	# invalid if native or nativesdk are relocated from sstate.
	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf

	# Rename man pages to prefix openssl10-*
	for f in `find ${D}${mandir} -type f`; do
	mv $f $(dirname $f)/openssl10-$(basename $f)
	done
	for f in `find ${D}${mandir} -type l`; do
	ln_f=`readlink $f`
	rm -f $f
	ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
	done
	}

	do_install_append_class-native () {
	create_wrapper ${D}${bindir}/openssl \
	OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
	SSL_CERT_DIR=${libdir}/ssl/certs \
	SSL_CERT_FILE=${libdir}/ssl/cert.pem \
	OPENSSL_ENGINES=${libdir}/ssl/engines
	}

	do_install_append_class-nativesdk () {
	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
	}

	do_install_ptest () {
	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}

	# Replace the path to native perl with the path to target perl
	sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile

	cp Configure config e_os.h ${D}${PTEST_PATH}
	cp -r -L include ${D}${PTEST_PATH}
	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
	mkdir -p ${D}${PTEST_PATH}/crypto
	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
	cp -r certs ${D}${PTEST_PATH}
	mkdir -p ${D}${PTEST_PATH}/apps
	ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
	ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
	cp apps/server.pem ${D}${PTEST_PATH}/apps
	cp apps/server2.pem ${D}${PTEST_PATH}/apps
	mkdir -p ${D}${PTEST_PATH}/util
	install util/opensslwrap.sh ${D}${PTEST_PATH}/util
	install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
	# Time stamps are relevant for "make alltests", otherwise
	# make may try to recompile binaries. Not only must the
	# binary files be newer than the sources, they also must
	# be more recent than the header files in /usr/include.
	#
	# Using "cp -a" is not sufficient, because do_install
	# does not preserve the original time stamps.
	#
	# So instead of using the original file stamps, we set
	# the current time for all files. Binaries will get
	# modified again later when stripping them, but that's okay.
	touch ${D}${PTEST_PATH}
	find ${D}${PTEST_PATH} -type f -print0 \| xargs --verbose -0 touch -r ${D}${PTEST_PATH}

	# exclude binary files or the package won't install
	for d in ssltest_old v3ext x509aux; do
	rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
	done

	# Remove build host references
	sed -i \
	-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
	-e 's\|${DEBUG_PREFIX_MAP}\|\|g' \
	${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
	}

	# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
	# package RRECOMMENDS on this package. This will enable the configuration
	# file to be installed for both the base openssl package and the libcrypto
	# package since the base openssl package depends on the libcrypto package.

	PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"

	FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
	FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
	FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
	FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
	FILES_${PN}-misc = "${libdir}/ssl/misc"
	FILES_${PN} =+ "${libdir}/ssl/*"
	FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"

	CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"

	RRECOMMENDS_libcrypto10 += "openssl10-conf"
	RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
	RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"

	BBCLASSEXTEND = "native nativesdk"
	PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"

	# openssl 1.0 development files and executable binaries clash with openssl 1.1
	# files when installed into target rootfs. So we don't put them into
	# packages, but they continue to be provided via target sysroot for
	# cross-compilation on the host, if some software still depends on openssl 1.0.
	openssl_package_preprocess () {
	for file in `find ${PKGD} -name .h -o -name .pc -o -name *.so`; do
	rm $file
	done
	rm ${PKGD}${bindir}/openssl
	rm ${PKGD}${bindir}/c_rehash
	rmdir ${PKGD}${bindir}

	}