Port OpenSSL3

recipes/wip/dev/lang/php84/recipe.toml

@@ -1,4 +1,4 @@
-#TODO fix openssl
+#TODO promote
 [source]
 tar = "https://www.php.net/distributions/php-8.4.12.tar.xz"
 patches = [
@@ -27,6 +27,7 @@ dependencies = [
     "ncurses",
     "nghttp2",
     "openssl1",
+    "openssl3", # put this after openssl1
     "pcre",
     "sqlite3",
     "xz",
@@ -58,7 +59,7 @@ COOKBOOK_CONFIGURE_FLAGS+=(
     --with-avif
     --with-ffi
     --with-libedit
-#    --with-openssl # need 1.1.1
+    --with-openssl
     --with-sodium
     --with-zip
 )

recipes/wip/dev/lang/python312/recipe.toml

@@ -1,4 +1,4 @@
-#TODO works without pip, probably it requires openssl
+#TODO works without pip
 [source]
 tar = "https://www.python.org/ftp/python/3.12.0/Python-3.12.0.tar.xz"
 patches = [
@@ -11,7 +11,7 @@ dependencies = [
     "bzip2",
     "libffi",
     "libuuid",
-#    "openssl1", requires 1.1.1
+    "openssl3",
     "ncurses",
     "ncursesw",
     "readline",

recipes/wip/libs/tls/openssl3/recipe.toml

@@ -0,0 +1,29 @@
+[source]
+tar = "https://github.com/openssl/openssl/releases/download/openssl-3.5.3/openssl-3.5.3.tar.gz"
+patches = [ "redox.patch" ]
+
+[build]
+template = "custom"
+dependencies = [
+    "zlib",
+    "zstd"
+]
+script = """
+DYNAMIC_INIT
+ARCH="${TARGET%%-*}"
+export ARFLAGS=cr
+COOKBOOK_CONFIGURE="${COOKBOOK_SOURCE}/Configure"
+COOKBOOK_CONFIGURE_FLAGS=(
+    no-tests
+    no-unit-test
+    shared
+    zlib
+    enable-zstd
+    "redox-${ARCH}"
+    --prefix="/usr"
+)
+"${COOKBOOK_CONFIGURE}" "${COOKBOOK_CONFIGURE_FLAGS[@]}"
+"${COOKBOOK_MAKE}" -j1 # bug in make/ar
+"${COOKBOOK_MAKE}" install_sw install_ssldirs DESTDIR="${COOKBOOK_STAGE}"
+rm -rfv "${COOKBOOK_STAGE}/"{share,ssl}
+"""

recipes/wip/libs/tls/openssl3/redox.patch

@@ -0,0 +1,56 @@
+diff -ruwN source/apps/lib/apps.c source-new/apps/lib/apps.c
+--- source/apps/lib/apps.c	2025-09-16 19:05:33.000000000 +0700
++++ source-new/apps/lib/apps.c	2025-09-20 12:29:36.439917319 +0700
+@@ -2839,7 +2839,7 @@
+     return ret;
+ }
+ 
+-#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
++#elif defined(_SC_CLK_TCK) && !defined(__redox__)      /* by means of unistd.h */
+ # include <sys/times.h>
+ 
+ double app_tminterval(int stop, int usertime)
+diff -ruwN source/Configurations/10-main.conf source-new/Configurations/10-main.conf
+--- source/Configurations/10-main.conf	2025-09-16 19:05:33.000000000 +0700
++++ source-new/Configurations/10-main.conf	2025-09-20 13:13:14.569456910 +0700
+@@ -208,6 +208,40 @@
+         shared_extension => ".so",
+     },
+ 
++### Redox configurations
++    "redox-common" => {
++        inherit_from     => [ "BASE_unix" ],
++        cc               => "gcc",
++        thread_scheme    => "pthreads",
++        dso_scheme       => "dlfcn",
++        shared_target    => "linux-shared",
++        shared_cflag     => "-fPIC",
++        shared_ldflag    => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
++        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
++    },
++    "redox-generic64" => {
++        inherit_from     => [ "redox-common" ],
++        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
++    },
++    "redox-aarch64" => {
++        inherit_from     => [ "redox-generic64" ],
++        perlasm_scheme   => "linux64",
++    },
++    "redox-i686" => {
++        inherit_from     => [ "redox-common" ],
++        bn_ops           => "BN_LLONG",
++        perlasm_scheme   => "elf",
++    },
++    "redox-riscv64gc" => {
++        inherit_from     => [ "redox-generic64" ],
++        perlasm_scheme   => "linux64",
++    },
++    "redox-x86_64" => {
++        inherit_from     => [ "redox-generic64" ],
++        perlasm_scheme   => "elf",
++    },
++
++
+ #### Solaris configurations
+     "solaris-common" => {
+         inherit_from     => [ "BASE_unix" ],

recipes/wip/ssh/openssh/recipe.toml

@@ -1,7 +1,5 @@
 #TODO lack of resolv.h, expect dns not working
 #TODO lack of utmpx.h, expect no way to track login in sshd
-#TODO lack of an equivalent to shadow.h, expect sshd password not working
-#TODO lack of openssl support, use only ssh-keygen from redox
 [source]
 tar = "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz"
 patches = [
@@ -10,14 +8,13 @@ patches = [
 [build]
 template = "custom"
 dependencies = [
+    "openssl3",
     "zlib",
 ]
 script = """
 DYNAMIC_INIT
 COOKBOOK_CONFIGURE_FLAGS+=(
     --disable-strip
-# requires openssl 1.1.1, result in libcrypto error otherwise
-    --without-openssl
     --sysconfdir=/etc/ssh
 )
 cookbook_configure
@@ -35,8 +32,4 @@ CONFIG_FILE="${COOKBOOK_STAGE}"/etc/ssh/sshd_config
 
 # ipv6 is not working yet
 sed -i "s/#AddressFamily any/AddressFamily inet/g" "${CONFIG_FILE}"
-# hardcoded to 0.0.0.0 in patches
-sed -i "s/#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/g" "${CONFIG_FILE}"
-# will never work
-sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" "${CONFIG_FILE}"
 """

recipes/wip/ssh/openssh/redox.patch

@@ -459,19 +459,6 @@ diff -ruwN source/regress/netcat.c source-new/regress/netcat.c
  
  #define SOCKS_PORT	"1080"
  #define HTTP_PROXY_PORT	"3128"
-diff -ruwN source/servconf.c source-new/servconf.c
---- source/servconf.c	2024-07-01 11:36:28.000000000 +0700
-+++ source-new/servconf.c	2025-09-07 01:38:08.219942429 +0700
-@@ -857,7 +857,8 @@
- 	hints.ai_socktype = SOCK_STREAM;
- 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
- 	snprintf(strport, sizeof strport, "%d", port);
--	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
-+	// redox don't accept addr == NULL yet
-+	if ((gaierr = getaddrinfo("0.0.0.0", strport, &hints, &aitop)) != 0)
- 		fatal("bad addr or host: %s (%s)",
- 		    addr ? addr : "<NULL>",
- 		    ssh_gai_strerror(gaierr));
 diff -ruwN source/session.c source-new/session.c
 --- source/session.c	2024-07-01 11:36:28.000000000 +0700
 +++ source-new/session.c	2025-09-07 01:22:43.637928015 +0700