On 9 July 2015 the OpenSSL Project patched a number of their releases, namely 1.0.1 and 1.0.2.  Here in the datacenter I run 1.0.2a, so it was time to build a new version to bring us up to 1.0.2d.

Compiling any new package for NetBSD is far from trivial and due to the lack of a configured cross-compiler for my architecture (mipsel) means it takes a quite a while.  Therefore there was no time to lose.

Update pkgsrc

I use cvs to update my pkgsrc installation, which on my dev box is located at /usr/pkgsrc.  To update, run the following as root:

cd /usr && cvs -q -z2 -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -P pkgsrc

Build OpenSSL

Navigate to the OpenSSL directory:

cd /usr/pkgsrc/security/openssl

Verify the pkgsrc current branch is up-to-date:

cat distinfo | grep Size

This should give you the size of the tarball, the name indicating the version number.

Clean out the directory:

make clean

See what compilation options are available:

make show-options

For OpenSSL I always choose the default then make the package:

make package

This will now configure and make the package.

Finishing off

When done, navigate to the completed packages directory:

cd /usr/pkgsrc/packages/All

Copy the package to a test system and update the current installation. As root:

pkg_add -u openssl-1.0.2d.tgz

The package should install without issue. To test:

openssl version

The installation is now complete.  Until the next patch that is…