From 7ab59e24e68e9a40c42b6246096fb6ee08287751 Mon Sep 17 00:00:00 2001
From: Sabyasachi Nayak
Date: Wed, 27 Sep 2023 02:18:17 -0400
Subject: [PATCH] Build openssl debian library with with SCTP enable

By default sctp is not enabled in openssl . To support the DTLS protocol , openssl library must be built with 'enable-sctp' flag. So as part of this commit,added files required to build opessl lilbray. It is ensured to use same compile option as old openssl library with additional flag 'enable-sctp'.
TestPlan:
PASSED: Sanity and Daily regression
PASSED: build-pkgs --parallel 4
PASSED: build-image
PASSED: Installed binary on AIO-SX
PASSED: openssl version
PASSED: system host-list
PASSED: system host-lock
PASSED: system host-unlock
PASSED: openssl genrsa -out domain.key 2048
PASSED: openssl rsa -in domain.key -pubout -out yourdomain_public.key
PASSED: SCTP intra-node traffic validation across PODs.
PASSED: Validating DTLS over SCTP in Simplex.
PASSED: Validating DTLS over SCTP in Duplex.
PASSED: DTLS over SCTP intra-node traffic validation across PODs.
Depends-On: https://review.opendev.org/c/starlingx/root/+/897102
Depends-On: https://review.opendev.org/c/starlingx/tools/+/899631
story: 2010925
Task: 48879
Change-Id: Ie0f39b625a3975db4a99c379b3d20d1a6dfa2512
Signed-off-by: Sabyasachi Nayak
---
 base/openssl/PKG-INFO | 17 +++++++++
 .../0001-Build-in-support-for-sctp.patch | 37 +++++++++++++++++++
 base/openssl/debian/deb_patches/series | 1 +
 base/openssl/debian/meta_data.yaml | 10 +++++
 debian_iso_image.inc | 4 ++
 debian_pkg_dirs | 1 +
 6 files changed, 70 insertions(+)
 create mode 100644 base/openssl/PKG-INFO
 create mode 100644 base/openssl/debian/deb_patches/0001-Build-in-support-for-sctp.patch
 create mode 100644 base/openssl/debian/deb_patches/series
 create mode 100644 base/openssl/debian/meta_data.yaml

diff --git a/base/openssl/PKG-INFO b/base/openssl/PKG-INFO
new file mode 100644
index 000000000..a6a8d9bc4
--- /dev/null
+++ b/base/openssl/PKG-INFO
@@ -0,0 +1,17 @@
+Metadata-Version: 1
+Name: openssl
+Version: 1.1.1w
+Summary: Openssl with sctp enabling
+Home-page:
+Author:
+Author-email:
+License: BSD
+
+Description:
+By default, OpenSSL is typically configured and built with support for
+TCP and UDP, but SCTP is not included.
+To support DTLS Protocol, openssl library must be built with
+'enable-sctp' flag.
+
+
+Platform: UNKNOWN
diff --git a/base/openssl/debian/deb_patches/0001-Build-in-support-for-sctp.patch b/base/openssl/debian/deb_patches/0001-Build-in-support-for-sctp.patch
new file mode 100644
index 000000000..c37d259ee
--- /dev/null
+++ b/base/openssl/debian/deb_patches/0001-Build-in-support-for-sctp.patch
@@ -0,0 +1,37 @@
+From 50a3ade26e25df25f9ce800195e232e6e504a79f Mon Sep 17 00:00:00 2001
+From: sabyasachi nayak
+Date: Fri, 10 Nov 2023 11:20:36 +0000
+Subject: [PATCH] Build-in-support-for-sctp
+
+Signed-off-by: sabyasachi nayak
+---
+ debian/control | 2 +-
+ debian/rules | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/debian/control b/debian/control
+index 2ad5a22..6dd24bb 100644
+--- a/debian/control
++++ b/debian/control
+@@ -1,5 +1,5 @@
+ Source: openssl
+-Build-Depends: debhelper-compat (= 12), m4, bc, dpkg-dev (>= 1.15.7)
++Build-Depends: debhelper-compat (= 12), m4, bc, dpkg-dev (>= 1.15.7), libsctp-dev
+ Section: utils
+ Priority: optional
+ Maintainer: Debian OpenSSL Team
+diff --git a/debian/rules b/debian/rules
+index 9a46f89..dce8e49 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -29,7 +29,7 @@ ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+ MAKEFLAGS += -j$(NUMJOBS)
+ endif
+
+-CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-capieng
++CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-capieng enable-sctp
+ OPT_alpha = ev4 ev5
+ ARCHOPTS = OPT_$(DEB_HOST_ARCH)
+ OPTS = $($(ARCHOPTS))
+--
+2.30.2
diff --git a/base/openssl/debian/deb_patches/series b/base/openssl/debian/deb_patches/series
new file mode 100644
index 000000000..0904177e0
--- /dev/null
+++ b/base/openssl/debian/deb_patches/series
@@ -0,0 +1 @@
+0001-Build-in-support-for-sctp.patch
diff --git a/base/openssl/debian/meta_data.yaml b/base/openssl/debian/meta_data.yaml
new file mode 100644
index 000000000..f688c81ae
--- /dev/null
+++ b/base/openssl/debian/meta_data.yaml
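Review bot: In the nested `debian/rules` hunk of 0001-Build-in-support-for-sctp.patch, Debian's whole `CONFARGS = …` line is rewritten just to append one flag, so the patch depends on every other configure option staying byte-identical. When a later Debian upload changes that line the quilt patch stops applying, and a hand refresh that carries the old line forward would quietly drop Debian's change to the option set of a crypto library. Adding a separate line after the assignment, `CONFARGS += enable-sctp`, keeps the delta to the one flag and lets Debian's list flow through unchanged. The nested patch's message is only a Signed-off-by; one sentence saying the flag is needed for DTLS over SCTP and that `libsctp-dev` joins Build-Depends for that reason would help whoever rebases it.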
@@ -0,0 +1,10 @@
+---
+debver: 1.1.1w-0+deb11u1
+debname: openssl
+dl_path:
+ name: openssl-debian-openssl-1.1.1w-0+deb11u1.tar.gz
+ url: https://salsa.debian.org/debian/openssl/-/archive/debian/openssl-1.1.1w-0+deb11u1/openssl-debian-openssl-1.1.1w-0+deb11u1.tar.gz
+ sha256sum: 89d98075fc77871eb619d7c48e3fb1ced0ce431c43b8cd85241a67597d984622
+revision:
+ dist: $STX_DIST
+ PKG_GITREVCOUNT: true
diff --git a/debian_iso_image.inc b/debian_iso_image.inc
index 7a009747b..18ba38515 100644
--- a/debian_iso_image.inc
+++ b/debian_iso_image.inc
@@ -382,6 +382,10 @@ openscap-scanner openscap-utils python3-openscap +#openssl +openssl +libssl1.1 + #openvswitch openvswitch-common openvswitch-switch-dpdk
diff --git a/debian_pkg_dirs b/debian_pkg_dirs
index 4c9f28df9..74bc460ac 100644
--- a/debian_pkg_dirs
+++ b/debian_pkg_dirs
@@ -8,6 +8,7 @@ base/lighttpd
 base/linuxptp
 base/lvm2
 base/lsb
+base/openssl
 base/pf-bb-config
 base/synce4l
 base/systemd
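Review bot: `debver: 1.1.1w-0+deb11u1` in base/openssl/debian/meta_data.yaml freezes the image's OpenSSL at a single Debian upload, and nothing in the file records that it must be bumped. With `openssl` and `libssl1.1` now listed in debian_iso_image.inc, the locally rebuilt package presumably takes the place of the distribution's, so later Debian security uploads will not reach the image until `debver`, `url` and `sha256sum` are updated here by hand. Upstream support for the 1.1.1 branch ended in September 2023 with 1.1.1w, which leaves those Debian backports as the only source of fixes. A comment above `dl_path` such as `# rebuilt only to add enable-sctp; bump debver/url/sha256sum on every Debian openssl security upload` would record that duty. The `sha256sum` pin is worth keeping, but it only shows the tarball matches what was first fetched from the salsa archive URL; if the build tooling can consume Debian's signed source package instead, that would also authenticate where it came from.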