libressl: add a recipe to support openssh

After reading through this:

openssh/openssh-portable#48

and this thread:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-October/036344.html

I've concluded that this is the best of the three not-great options. The alternatives:

- bundle libressl inside openssh packages
- keep openssh dependent on openssl 1.0 and wait until upstream does something

are both inferior. Libressl is used with openssh in OpenBSD and in OS X,
so it did get at least some testing in the real world.

Signed-off-by: Alexander Kanavin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>

Author: Alexander Kanavin

meta/conf/distro/include/maintainers.inc

@@ -344,6 +344,7 @@ RECIPE_MAINTAINER_pn-libpng = "Maxin B. John <[email protected]>"
 RECIPE_MAINTAINER_pn-libproxy = "Maxin B. John <[email protected]>"
 RECIPE_MAINTAINER_pn-libpthread-stubs = "Alexander Kanavin <[email protected]>"
 RECIPE_MAINTAINER_pn-librepo = "Alexander Kanavin <[email protected]>"
+RECIPE_MAINTAINER_pn-libressl = "Alexander Kanavin <[email protected]>"
 RECIPE_MAINTAINER_pn-librsvg = "Maxin B. John <[email protected]>"
 RECIPE_MAINTAINER_pn-libsamplerate0 = "Tanu Kaskinen <[email protected]>"
 RECIPE_MAINTAINER_pn-libsdl = "Yi Zhao <[email protected]>"

meta/recipes-connectivity/libressl/libressl/0001-Link-dynamic-libraries-with-their-library-dependenci.patch

@@ -0,0 +1,73 @@
+From 0dd486ba596fea07742a9317542bce27e18fd830 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <[email protected]>
+Date: Mon, 9 Apr 2018 18:02:56 +0300
+Subject: [PATCH] Link dynamic libraries with their library dependencies.
+
+It does seem like outside of OpenBSD, no one has actually used libressl yet.
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <[email protected]>
+
+---
+ CMakeLists.txt        | 5 +++++
+ crypto/CMakeLists.txt | 1 +
+ ssl/CMakeLists.txt    | 2 +-
+ 3 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 549849f..0f9d8f5 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -266,15 +266,19 @@ set(OPENSSL_LIBS tls ssl crypto)
+ 
+ # Add additional required libs
+ if(WIN32)
++	set(OPENSSL_LIB_LIBS ws2_32)
+ 	set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
+ endif()
+ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
++	set(OPENSSL_LIB_LIBS pthread)
+ 	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
+ endif()
+ if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
++	set(OPENSSL_LIB_LIBS pthread)
+ 	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
+ endif()
+ if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
++	set(OPENSSL_LIB_LIBS nsl socket)
+ 	set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
+ endif()
+ 
+@@ -282,6 +286,7 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
+ 	# Check if we need -lrt to get clock_gettime on Linux
+ 	check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
+ 	if (HAVE_CLOCK_GETTIME)
++		set(OPENSSL_LIB_LIBS ${OPENSSL_LIB_LIBS} rt)
+ 		set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
+ 	endif()
+ else()
+diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
+index 90e127e..08eceda 100644
+--- a/crypto/CMakeLists.txt
++++ b/crypto/CMakeLists.txt
+@@ -813,6 +813,7 @@ target_include_directories(crypto
+ 		../include)
+ 
+ if (BUILD_SHARED_LIBS)
++	target_link_libraries(crypto ${OPENSSL_LIB_LIBS})
+ 	export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
+ 	if (WIN32)
+ 		target_link_libraries(crypto Ws2_32.lib)
+diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt
+index 1a559e6..ed17223 100644
+--- a/ssl/CMakeLists.txt
++++ b/ssl/CMakeLists.txt
+@@ -51,7 +51,7 @@ target_include_directories(ssl
+ 
+ if (BUILD_SHARED_LIBS)
+ 	export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
+-	target_link_libraries(ssl crypto)
++	target_link_libraries(ssl crypto ${OPENSSL_LIB_LIBS})
+ 	if (WIN32)
+ 		target_link_libraries(ssl Ws2_32.lib)
+ 		set(SSL_POSTFIX -${SSL_MAJOR_VERSION})

meta/recipes-connectivity/libressl/libressl_2.8.0.bb

@@ -0,0 +1,35 @@
+SUMMARY = "Drop-in replacement for openssl 1.0.x, maintained by OpenBSD"
+DESCRIPTION = "LibreSSL is a version of the TLS/crypto stack forked from \
+               OpenSSL in 2014, with goals of modernizing the codebase, \
+               improving security, and applying best practice development processes. "
+HOMEPAGE = "http://www.libressl.org/"
+
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://COPYING;md5=01f9bb4d275f5eeea905377bef3de622"
+
+SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${PV}.tar.gz \
+           file://0001-Link-dynamic-libraries-with-their-library-dependenci.patch \
+           "
+SRC_URI[md5sum] = "d922be6690e7de8949948aaec42a4563"
+SRC_URI[sha256sum] = "af2bba965b06063518eec6f192d411631dfe1d07713760c67c3c29d348789dc3"
+
+inherit cmake
+
+EXTRA_OECMAKE = "-DOPENSSLDIR=${sysconfdir}/libressl -DBUILD_SHARED_LIBS=ON"
+
+PACKAGE_PREPROCESS_FUNCS += "libressl_package_preprocess"
+
+# libressl development files and executable binaries clash with openssl 1.1
+# files when installed into target rootfs. So we don't put them into
+# packages, but they continue to be provided via target sysroot for
+# cross-compilation on the host, if some software needs specifically libressl.
+libressl_package_preprocess () {
+        for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
+                rm $file
+        done
+}
+
+# {standard input}: Assembler messages:
+# {standard input}:303: Error: selected processor does not support `rev r0,r0' in ARM mode
+# {standard input}:303: Error: selected processor does not support `rev ip,ip' in ARM mode
+OECMAKE_C_FLAGS_append_arm = " -D__STRICT_ALIGNMENT"