The OpenSSL package contains management tools and libraries
relating to cryptography. These are useful for providing
cryptographic functions to other packages, such as OpenSSH, email
applications, and web browsers (for accessing HTTPS sites).
Approximate build time: 1.8 SBU
Required disk space: 920 MB
8.57.1. Installation of OpenSSL
One test, 30-test_afalg.t, is known to fail if the host kernel does
not have CONFIG_CRYPTO_USER_API_SKCIPHER enabled, or does
not have any options providing an AES with CBC implementation (for
example, the combination of CONFIG_CRYPTO_AES and CONFIG_CRYPTO_CBC, or CONFIG_CRYPTO_AES_NI_INTEL if the CPU supports
AES-NI) enabled. If it fails, it can safely be ignored.
Create the PKGBUILD for the OpenSSL package with the following
commands:
mkdir /sources/openssl
cd /sources/openssl
cat > PKGBUILD << "REALEOF"
# Maintainer: Linux From Scratch <lfs-dev@lists.linuxfromscratch.org>
pkgname="openssl"
pkgver="3.4.1"
pkgrel="1"
pkgdesc="The OpenSSL package contains management tools and libraries relating to cryptography."
arch=('x86'
      'x86_64')
url="https://www.openssl-library.org/"
license=('OpenSSL'
         'SSLeay')
groups=('core')
depends=('glibc'
         'perl'
         'rootfs')
makedepends=('binutils'
             'coreutils'
             'gcc'
             'make')
source=('https://github.com/openssl/openssl/releases/download/openssl-3.4.1/openssl-3.4.1.tar.gz')
# MD5 only detects a corrupted download; it is not collision-resistant.
md5sums=('fb7a747ac6793a7ad7118eaba45db379')

build(){
    cd "${pkgname}-${pkgver}"
    ./config --prefix=/usr         \
             --openssldir=/etc/ssl \
             --libdir=/lib         \
             shared                \
             zlib-dynamic
    make
}

check(){
    cd "${pkgname}-${pkgver}"
    HARNESS_JOBS=$(nproc) make -k test || true
    # One test, 30-test_afalg.t, is known to fail if the host kernel does
    # not have CONFIG_CRYPTO_USER_API_SKCIPHER enabled, or does not have
    # any options providing an AES with CBC implementation (for example,
    # the combination of CONFIG_CRYPTO_AES and CONFIG_CRYPTO_CBC, or
    # CONFIG_CRYPTO_AES_NI_INTEL if the CPU supports AES-NI) enabled.
    # If it fails, it can safely be ignored.
}

package(){
    cd "${pkgname}-${pkgver}"
    # Do not install static libs
    sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
    make DESTDIR="${pkgdir}" MANSUFFIX=ssl install
    # Move the documentation to a versioned directory and install the remainder
    mv -v "${pkgdir}/usr/share/doc/openssl" \
          "${pkgdir}/usr/share/doc/openssl-${pkgver}"
    cp -vfr doc/* "${pkgdir}/usr/share/doc/openssl-${pkgver}"
}
REALEOF
Prepare the build directory for the pacman user and build the
package:
chown -R root:pacman .
chmod 2775 .
chmod 664 PKGBUILD
su pacman -c 'makepkg -L --nodeps'
Add the newly created package to the central package repository:
cp openssl-3.4.1-1-$(uname -m).pkg.tar.xz \
   /srv/pacman/repos/LFS/
repo-add /srv/pacman/repos/LFS/LFS.db.tar.xz \
         /srv/pacman/repos/LFS/openssl-3.4.1-1-$(uname -m).pkg.tar.xz
Update the local cache and install the OpenSSL package:
pacman -Syu
pacman -S openssl --overwrite \* -dd --noconfirm
Finally, copy the source files into the source repository and clean
up the build directory:
mkdir /srv/pacman/source/LFS/openssl
cp PKGBUILD /srv/pacman/source/LFS/openssl
cd /sources
rm -rf openssl
Note
You should update OpenSSL when a new version which fixes
vulnerabilities is announced. Since OpenSSL 3.0.0, the OpenSSL
versioning scheme follows the MAJOR.MINOR.PATCH format. API/ABI
compatibility is guaranteed for the same MAJOR version number.
Because LFS installs only the shared libraries, there is no need
to recompile packages which link to libcrypto.so or libssl.so when
upgrading to a version with the same MAJOR version number.
However, any running programs linked to those libraries need to
be stopped and restarted. Read the related entries in Section 8.2.1, “Upgrade
Issues” for details.
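The restart requirement in the note above can be checked after an upgrade. The following is an added example, not part of the original book: it lists processes that still map a copy of libcrypto.so or libssl.so that has been removed from disk, using the " (deleted)" suffix the kernel appends to such entries in /proc/PID/maps. The function name stale_openssl_pids and its optional proc-root argument are assumptions introduced here.

```shell
#!/bin/sh
# Added example: find processes still running against an old OpenSSL library.
# Usage (as root, after the upgrade): stale_openssl_pids
# The optional argument is an assumption made here so that the scan can be
# pointed at a directory laid out like /proc for testing.

# stale_openssl_pids [proc_root]
# Prints "PID COMMAND LIBRARY" once per process and library for every mapping
# of libcrypto.so* or libssl.so* whose backing file has been unlinked.
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we may not inspect.
        [ -r "$maps" ] || continue
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        comm=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
        # maps columns: address perms offset dev inode pathname
        # An unlinked file shows up as "pathname (deleted)".
        awk -v pid="$pid" -v comm="$comm" '
            / \(deleted\)$/ && $6 ~ /\/lib(crypto|ssl)\.so/ {
                if (!seen[$6]++) print pid, comm, $6
            }' "$maps" 2>/dev/null
    done
}
```

Every process it reports is still executing the old library code and should be restarted; an empty result means no visible process holds a removed copy.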