[gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/ - gentoo-commits

From:	Fabian Groffen <grobian@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/
Date:	Mon, 02 Nov 2015 19:07:00
Message-Id:	`1446491187.aa841f0b9685d21a4b7f519a6dc2e5cea155c36c.grobian@gentoo`

1

commit:     aa841f0b9685d21a4b7f519a6dc2e5cea155c36c

2

Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>

3

AuthorDate: Mon Nov  2 19:06:27 2015 +0000

4

Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>

5

CommitDate: Mon Nov  2 19:06:27 2015 +0000

6

URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=aa841f0b

7

8

dev-libs/openssl: sync, bug #564012

9

10

Package-Manager: portage-2.2.20-prefix

11

12

 dev-libs/openssl/openssl-1.0.2d-r2.ebuild | 324 ++++++++++++++++++++++++++++++

13

 1 file changed, 324 insertions(+)

14

15

diff --git a/dev-libs/openssl/openssl-1.0.2d-r2.ebuild b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild

16

new file mode 100644

17

index 0000000..28ade0c

18

--- /dev/null

19

+++ b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild

20

@@ -0,0 +1,324 @@

21

+# Copyright 1999-2015 Gentoo Foundation

22

+# Distributed under the terms of the GNU General Public License v2

23

+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2d.ebuild,v 1.2 2015/07/10 06:08:30 vapier Exp $

24

+

25

+EAPI="4"

26

+

27

+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal

28

+

29

+MY_P=${P/_/-}

30

+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"

31

+HOMEPAGE="http://www.openssl.org/"

32

+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"

33

+

34

+LICENSE="openssl"

35

+SLOT="0"

36

+KEYWORDS="~ppc-aix ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"

37

+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"

38

+RESTRICT="!bindist? ( bindist )"

39

+

40

+# The blocks are temporary just to make sure people upgrade to a

41

+# version that lack runtime version checking.  We'll drop them in

42

+# the future.

43

+RDEPEND=">=app-misc/c_rehash-1.7-r1

44

+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

45

+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

46

+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )

47

+	abi_x86_32? (

48

+		!<=app-emulation/emul-linux-x86-baselibs-20140508

49

+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]

50

+	)

51

+	!<net-misc/openssh-5.9_p1-r4

52

+	!<net-libs/neon-0.29.6-r1"

53

+DEPEND="${RDEPEND}

54

+	sys-apps/diffutils

55

+	>=dev-lang/perl-5

56

+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )

57

+	test? ( sys-devel/bc )"

58

+PDEPEND="app-misc/ca-certificates"

59

+

60

+S="${WORKDIR}/${MY_P}"

61

+

62

+MULTILIB_WRAPPED_HEADERS=(

63

+	usr/include/openssl/opensslconf.h

64

+)

65

+

66

+src_prepare() {

67

+	# keep this in sync with app-misc/c_rehash

68

+	SSL_CNF_DIR="/etc/ssl"

69

+

70

+	# Make sure we only ever touch Makefile.org and avoid patching a file

71

+	# that gets blown away anyways by the Configure script in src_configure

72

+	rm -f Makefile

73

+

74

+	if ! use vanilla ; then

75

+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421

76

+		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743

77

+		epatch "${FILESDIR}"/${PN}-1.0.2d-parallel-build.patch

78

+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch

79

+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch

80

+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028

81

+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch

82

+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618

83

+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338

84

+

85

+		epatch_user #332661

86

+	fi

87

+

88

+	# disable fips in the build

89

+	# make sure the man pages are suffixed #302165

90

+	# don't bother building man pages if they're disabled

91

+	sed -i \

92

+		-e '/DIRS/s: fips : :g' \

93

+		-e '/^MANSUFFIX/s:=.*:=ssl:' \

94

+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \

95

+		-e $(has noman FEATURES \

96

+			&& echo '/^install:/s:install_docs::' \

97

+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \

98

+		Makefile.org \

99

+		|| die

100

+	# show the actual commands in the log

101

+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared

102

+

103

+	# avoid using /bin/sh because it's fragile on some platforms (Solaris)

104

+	sed -i -e "/SHELL=/s:=.*$:=${CONFIG_SHELL:-${BASH}}:" Makefile.org || die

105

+	sed -i -e "1a\SHELL=${CONFIG_SHELL:-${BASH}}" Makefile.shared || die

106

+

107

+	epatch "${FILESDIR}"/${PN}-0.9.8g-engines-installnames.patch

108

+	epatch "${FILESDIR}"/${PN}-1.0.0a-interix.patch

109

+	epatch "${FILESDIR}"/${PN}-1.0.0a-mint.patch

110

+	epatch "${FILESDIR}"/${PN}-1.0.2a-aix-soname.patch # like libtool

111

+	epatch "${FILESDIR}"/${PN}-1.0.0b-darwin-bundle-compile-fix.patch

112

+	epatch "${FILESDIR}"/${PN}-1.0.2-gethostbyname2-solaris.patch

113

+	if [[ ${CHOST} == *-interix* ]] ; then

114

+		sed -i -e 's/-Wl,-soname=/-Wl,-h -Wl,/' Makefile.shared || die

115

+	fi

116

+

117

+	# again, this windows patch should not do any harm to others, but

118

+	# header files are copied instead of linked now, so leave it conditional.

119

+	[[ ${CHOST} == *-winnt* ]] && epatch "${FILESDIR}"/${PN}-0.9.8k-winnt.patch

120

+

121

+	# remove -arch for darwin

122

+	sed -i '/^"darwin/s,-arch [^ ]\+,,g' Configure || die

123

+

124

+	# since we're forcing $(CC) as makedep anyway, just fix

125

+	# the conditional as always-on

126

+	# helps clang (#417795), and versioned gcc (#499818)

127

+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die

128

+

129

+	# quiet out unknown driver argument warnings since openssl

130

+	# doesn't have well-split CFLAGS and we're making it even worse

131

+	# and 'make depend' uses -Werror for added fun (#417795 again)

132

+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments

133

+

134

+	# allow openssl to be cross-compiled

135

+	cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die

136

+	chmod a+rx gentoo.config

137

+

138

+	append-flags -fno-strict-aliasing

139

+	append-flags $(test-flags-CC -Wa,--noexecstack)

140

+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS

141

+

142

+	# avoid waiting on terminal input forever when spitting

143

+	# 64bit warning message.

144

+	[[ ${CHOST} == *-hpux* ]] && sed -i -e 's,stty,true,g' -e 's,read waste,true,g' config

145

+

146

+	# Upstream insists that the GNU assembler fails, so insist on calling the

147

+	# vendor assembler. However, I find otherwise. At least on Solaris-9

148

+	# --darkside (26 Aug 2008)

149

+	if [[ ${CHOST} == sparc-sun-solaris2.9 ]]; then

150

+		sed -i -e "s:/usr/ccs/bin/::" crypto/bn/Makefile || die "sed failed"

151

+	fi

152

+

153

+	# type -P required on platforms where perl is not installed

154

+	# in the same prefix (prefix-chaining).

155

+	sed -i '1s,^:$,#!'"$(type -P perl)"',' Configure || die #141906

156

+	sed -i '1s/perl5/perl/' tools/c_rehash || die #308455

157

+

158

+	# The config script does stupid stuff to prompt the user.  Kill it.

159

+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die

160

+	./config -t --test-sanity || die "I AM NOT SANE"

161

+

162

+	multilib_copy_sources

163

+}

164

+

165

+multilib_src_configure() {

166

+	unset APPS #197996

167

+	unset SCRIPTS #312551

168

+	unset CROSS_COMPILE #311473

169

+

170

+	tc-export CC AR RANLIB RC

171

+

172

+	# Clean out patent-or-otherwise-encumbered code

173

+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)

174

+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

175

+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography

176

+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2

177

+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5

178

+

179

+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }

180

+	echoit() { echo "$@" ; "$@" ; }

181

+

182

+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")

183

+

184

+	case $CHOST in

185

+		sparc*-sun-solaris*)

186

+			# openssl doesn't grok this setup, and guesses

187

+			# the architecture wrong causing segfaults,

188

+			# just disable asm for now

189

+			# FIXME: I need to report this upstream

190

+			confopts="${confopts} no-asm"

191

+		;;

192

+		*-aix*)

193

+			# symbols in asm file aren't exported for yet unknown reason

194

+			confopts="${confopts} no-asm"

195

+		;;

196

+	esac

197

+

198

+	# See if our toolchain supports __uint128_t.  If so, it's 64bit

199

+	# friendly and can use the nicely optimized code paths. #460790

200

+	local ec_nistp_64_gcc_128

201

+	# Disable it for now though #469976

202

+	#if ! use bindist ; then

203

+	#	echo "__uint128_t i;" > "${T}"/128.c

204

+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then

205

+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"

206

+	#	fi

207

+	#fi

208

+

209

+	local sslout=$(./gentoo.config)

210

+	einfo "Use configuration ${sslout:-(openssl knows best)}"

211

+	local config="Configure"

212

+	[[ -z ${sslout} ]] && config="config"

213

+

214

+	echoit \

215

+	./${config} \

216

+		${sslout} \

217

+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \

218

+		enable-camellia \

219

+		$(use_ssl !bindist ec) \

220

+		${ec_nistp_64_gcc_128} \

221

+		enable-idea \

222

+		enable-mdc2 \

223

+		enable-rc5 \

224

+		enable-tlsext \

225

+		$(use_ssl asm) \

226

+		$(use_ssl gmp gmp -lgmp) \

227

+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \

228

+		$(use_ssl rfc3779) \

229

+		$(use_ssl sctp) \

230

+		$(use_ssl tls-heartbeat heartbeats) \

231

+		$(use_ssl zlib) \

232

+		--prefix="${EPREFIX}"/usr \

233

+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \

234

+		--libdir=$(get_libdir) \

235

+		shared threads ${confopts} \

236

+		|| die

237

+

238

+	if [[ ${CHOST} == i?86*-*-linux* || ${CHOST} == i?86*-*-freebsd* ]]; then

239

+		# does not compile without optimization on x86-linux and x86-fbsd

240

+		filter-flags -O0

241

+		is-flagq -O* || append-flags -O1

242

+	fi

243

+

244

+	# Clean out hardcoded flags that openssl uses

245

+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \

246

+		-e 's:^CFLAG=::' \

247

+		-e 's:-fomit-frame-pointer ::g' \

248

+		-e 's:-O[0-9] ::g' \

249

+		-e 's:-march=[-a-z0-9]* ::g' \

250

+		-e 's:-mcpu=[-a-z0-9]* ::g' \

251

+		-e 's:-m[a-z0-9]* ::g' \

252

+	)

253

+	# CFLAGS can contain : with e.g. MIPSpro

254

+	sed -i \

255

+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \

256

+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \

257

+		Makefile || die

258

+}

259

+

260

+multilib_src_compile() {

261

+	if [[ ${CHOST} == *-winnt* ]]; then

262

+		( cd fips && emake -j1 links PERL=$(type -P perl) ) || die "make links in fips failed"

263

+	fi

264

+

265

+	# depend is needed to use $confopts; it also doesn't matter

266

+	# that it's -j1 as the code itself serializes subdirs

267

+	emake -j1 depend

268

+	emake all

269

+	# rehash is needed to prep the certs/ dir; do this

270

+	# separately to avoid parallel build issues.

271

+	emake rehash

272

+}

273

+

274

+multilib_src_test() {

275

+	emake -j1 test

276

+}

277

+

278

+multilib_src_install() {

279

+	emake INSTALL_PREFIX="${D}" install

280

+}

281

+

282

+multilib_src_install_all() {

283

+	# openssl installs perl version of c_rehash by default, but

284

+	# we provide a shell version via app-misc/c_rehash

285

+	rm "${ED}"/usr/bin/c_rehash || die

286

+

287

+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el

288

+	dohtml -r doc/*

289

+	use rfc3779 && dodoc engines/ccgost/README.gost

290

+

291

+	# This is crappy in that the static archives are still built even

292

+	# when USE=static-libs.  But this is due to a failing in the openssl

293

+	# build system: the static archives are built as PIC all the time.

294

+	# Only way around this would be to manually configure+compile openssl

295

+	# twice; once with shared lib support enabled and once without.

296

+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a

297

+

298

+	# create the certs directory

299

+	dodir ${SSL_CNF_DIR}/certs

300

+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die

301

+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}

302

+

303

+	# Namespace openssl programs to prevent conflicts with other man pages

304

+	cd "${ED}"/usr/share/man

305

+	local m d s

306

+	for m in $(find . -type f | xargs grep -L '#include') ; do

307

+		d=${m%/*} ; d=${d#./} ; m=${m##*/}

308

+		[[ ${m} == openssl.1* ]] && continue

309

+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"

310

+		mv ${d}/{,ssl-}${m}

311

+		# fix up references to renamed man pages

312

+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}

313

+		ln -s ssl-${m} ${d}/openssl-${m}

314

+		# locate any symlinks that point to this man page ... we assume

315

+		# that any broken links are due to the above renaming

316

+		for s in $(find -L ${d} -type l) ; do

317

+			s=${s##*/}

318

+			rm -f ${d}/${s}

319

+			ln -s ssl-${m} ${d}/ssl-${s}

320

+			ln -s ssl-${s} ${d}/openssl-${s}

321

+		done

322

+	done

323

+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("

324

+

325

+	dodir /etc/sandbox.d #254521

326

+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl

327

+

328

+	diropts -m0700

329

+	keepdir ${SSL_CNF_DIR}/private

330

+}

331

+

332

+pkg_preinst() {

333

+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0

334

+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 0.9.8)

335

+}

336

+

337

+pkg_postinst() {

338

+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"

339

+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null

340

+	eend $?

341

+

342

+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0

343

+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 0.9.8)

344

+}

1	commit: aa841f0b9685d21a4b7f519a6dc2e5cea155c36c
2	Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
3	AuthorDate: Mon Nov 2 19:06:27 2015 +0000
4	Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
5	CommitDate: Mon Nov 2 19:06:27 2015 +0000
6	URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=aa841f0b
7
8	dev-libs/openssl: sync, bug #564012
9
10	Package-Manager: portage-2.2.20-prefix
11
12	dev-libs/openssl/openssl-1.0.2d-r2.ebuild \| 324 ++++++++++++++++++++++++++++++
13	1 file changed, 324 insertions(+)
14
15	diff --git a/dev-libs/openssl/openssl-1.0.2d-r2.ebuild b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
16	new file mode 100644
17	index 0000000..28ade0c
18	--- /dev/null
19	+++ b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild
20	@@ -0,0 +1,324 @@
21	+# Copyright 1999-2015 Gentoo Foundation
22	+# Distributed under the terms of the GNU General Public License v2
23	+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2d.ebuild,v 1.2 2015/07/10 06:08:30 vapier Exp $
24	+
25	+EAPI="4"
26	+
27	+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
28	+
29	+MY_P=${P/_/-}
30	+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
31	+HOMEPAGE="http://www.openssl.org/"
32	+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
33	+
34	+LICENSE="openssl"
35	+SLOT="0"
36	+KEYWORDS="~ppc-aix ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
37	+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
38	+RESTRICT="!bindist? ( bindist )"
39	+
40	+# The blocks are temporary just to make sure people upgrade to a
41	+# version that lack runtime version checking. We'll drop them in
42	+# the future.
43	+RDEPEND=">=app-misc/c_rehash-1.7-r1
44	+ gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
45	+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
46	+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
47	+ abi_x86_32? (
48	+ !<=app-emulation/emul-linux-x86-baselibs-20140508
49	+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
50	+ )
51	+ !<net-misc/openssh-5.9_p1-r4
52	+ !<net-libs/neon-0.29.6-r1"
53	+DEPEND="${RDEPEND}
54	+ sys-apps/diffutils
55	+ >=dev-lang/perl-5
56	+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
57	+ test? ( sys-devel/bc )"
58	+PDEPEND="app-misc/ca-certificates"
59	+
60	+S="${WORKDIR}/${MY_P}"
61	+
62	+MULTILIB_WRAPPED_HEADERS=(
63	+ usr/include/openssl/opensslconf.h
64	+)
65	+
66	+src_prepare() {
67	+ # keep this in sync with app-misc/c_rehash
68	+ SSL_CNF_DIR="/etc/ssl"
69	+
70	+ # Make sure we only ever touch Makefile.org and avoid patching a file
71	+ # that gets blown away anyways by the Configure script in src_configure
72	+ rm -f Makefile
73	+
74	+ if ! use vanilla ; then
75	+ epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
76	+ epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
77	+ epatch "${FILESDIR}"/${PN}-1.0.2d-parallel-build.patch
78	+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
79	+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
80	+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
81	+ epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
82	+ epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
83	+ epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
84	+
85	+ epatch_user #332661
86	+ fi
87	+
88	+ # disable fips in the build
89	+ # make sure the man pages are suffixed #302165
90	+ # don't bother building man pages if they're disabled
91	+ sed -i \
92	+ -e '/DIRS/s: fips : :g' \
93	+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
94	+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
95	+ -e $(has noman FEATURES \
96	+ && echo '/^install:/s:install_docs::' \
97	+ \|\| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
98	+ Makefile.org \
99	+ \|\| die
100	+ # show the actual commands in the log
101	+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
102	+
103	+ # avoid using /bin/sh because it's fragile on some platforms (Solaris)
104	+ sed -i -e "/SHELL=/s:=.*$:=${CONFIG_SHELL:-${BASH}}:" Makefile.org \|\| die
105	+ sed -i -e "1a\SHELL=${CONFIG_SHELL:-${BASH}}" Makefile.shared \|\| die
106	+
107	+ epatch "${FILESDIR}"/${PN}-0.9.8g-engines-installnames.patch
108	+ epatch "${FILESDIR}"/${PN}-1.0.0a-interix.patch
109	+ epatch "${FILESDIR}"/${PN}-1.0.0a-mint.patch
110	+ epatch "${FILESDIR}"/${PN}-1.0.2a-aix-soname.patch # like libtool
111	+ epatch "${FILESDIR}"/${PN}-1.0.0b-darwin-bundle-compile-fix.patch
112	+ epatch "${FILESDIR}"/${PN}-1.0.2-gethostbyname2-solaris.patch
113	+ if [[ ${CHOST} == -interix ]] ; then
114	+ sed -i -e 's/-Wl,-soname=/-Wl,-h -Wl,/' Makefile.shared \|\| die
115	+ fi
116	+
117	+ # again, this windows patch should not do any harm to others, but
118	+ # header files are copied instead of linked now, so leave it conditional.
119	+ [[ ${CHOST} == -winnt ]] && epatch "${FILESDIR}"/${PN}-0.9.8k-winnt.patch
120	+
121	+ # remove -arch for darwin
122	+ sed -i '/^"darwin/s,-arch [^ ]\+,,g' Configure \|\| die
123	+
124	+ # since we're forcing $(CC) as makedep anyway, just fix
125	+ # the conditional as always-on
126	+ # helps clang (#417795), and versioned gcc (#499818)
127	+ sed -i 's/expr.MAKEDEPEND.;/true;/' util/domd \|\| die
128	+
129	+ # quiet out unknown driver argument warnings since openssl
130	+ # doesn't have well-split CFLAGS and we're making it even worse
131	+ # and 'make depend' uses -Werror for added fun (#417795 again)
132	+ [[ ${CC} == clang ]] && append-flags -Qunused-arguments
133	+
134	+ # allow openssl to be cross-compiled
135	+ cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config \|\| die
136	+ chmod a+rx gentoo.config
137	+
138	+ append-flags -fno-strict-aliasing
139	+ append-flags $(test-flags-CC -Wa,--noexecstack)
140	+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
141	+
142	+ # avoid waiting on terminal input forever when spitting
143	+ # 64bit warning message.
144	+ [[ ${CHOST} == -hpux ]] && sed -i -e 's,stty,true,g' -e 's,read waste,true,g' config
145	+
146	+ # Upstream insists that the GNU assembler fails, so insist on calling the
147	+ # vendor assembler. However, I find otherwise. At least on Solaris-9
148	+ # --darkside (26 Aug 2008)
149	+ if [[ ${CHOST} == sparc-sun-solaris2.9 ]]; then
150	+ sed -i -e "s:/usr/ccs/bin/::" crypto/bn/Makefile \|\| die "sed failed"
151	+ fi
152	+
153	+ # type -P required on platforms where perl is not installed
154	+ # in the same prefix (prefix-chaining).
155	+ sed -i '1s,^:$,#!'"$(type -P perl)"',' Configure \|\| die #141906
156	+ sed -i '1s/perl5/perl/' tools/c_rehash \|\| die #308455
157	+
158	+ # The config script does stupid stuff to prompt the user. Kill it.
159	+ sed -i '/stty -icanon min 0 time 50; read waste/d' config \|\| die
160	+ ./config -t --test-sanity \|\| die "I AM NOT SANE"
161	+
162	+ multilib_copy_sources
163	+}
164	+
165	+multilib_src_configure() {
166	+ unset APPS #197996
167	+ unset SCRIPTS #312551
168	+ unset CROSS_COMPILE #311473
169	+
170	+ tc-export CC AR RANLIB RC
171	+
172	+ # Clean out patent-or-otherwise-encumbered code
173	+ # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
174	+ # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
175	+ # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
176	+ # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
177	+ # RC5: Expired http://en.wikipedia.org/wiki/RC5
178	+
179	+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
180	+ echoit() { echo "$@" ; "$@" ; }
181	+
182	+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" \|\| echo "Heimdal")
183	+
184	+ case $CHOST in
185	+ sparc-sun-solaris)
186	+ # openssl doesn't grok this setup, and guesses
187	+ # the architecture wrong causing segfaults,
188	+ # just disable asm for now
189	+ # FIXME: I need to report this upstream
190	+ confopts="${confopts} no-asm"
191	+ ;;
192	+ -aix)
193	+ # symbols in asm file aren't exported for yet unknown reason
194	+ confopts="${confopts} no-asm"
195	+ ;;
196	+ esac
197	+
198	+ # See if our toolchain supports __uint128_t. If so, it's 64bit
199	+ # friendly and can use the nicely optimized code paths. #460790
200	+ local ec_nistp_64_gcc_128
201	+ # Disable it for now though #469976
202	+ #if ! use bindist ; then
203	+ # echo "__uint128_t i;" > "${T}"/128.c
204	+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
205	+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
206	+ # fi
207	+ #fi
208	+
209	+ local sslout=$(./gentoo.config)
210	+ einfo "Use configuration ${sslout:-(openssl knows best)}"
211	+ local config="Configure"
212	+ [[ -z ${sslout} ]] && config="config"
213	+
214	+ echoit \
215	+ ./${config} \
216	+ ${sslout} \
217	+ $(use cpu_flags_x86_sse2 \|\| echo "no-sse2") \
218	+ enable-camellia \
219	+ $(use_ssl !bindist ec) \
220	+ ${ec_nistp_64_gcc_128} \
221	+ enable-idea \
222	+ enable-mdc2 \
223	+ enable-rc5 \
224	+ enable-tlsext \
225	+ $(use_ssl asm) \
226	+ $(use_ssl gmp gmp -lgmp) \
227	+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
228	+ $(use_ssl rfc3779) \
229	+ $(use_ssl sctp) \
230	+ $(use_ssl tls-heartbeat heartbeats) \
231	+ $(use_ssl zlib) \
232	+ --prefix="${EPREFIX}"/usr \
233	+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
234	+ --libdir=$(get_libdir) \
235	+ shared threads ${confopts} \
236	+ \|\| die
237	+
238	+ if [[ ${CHOST} == i?86--linux* \|\| ${CHOST} == i?86--freebsd* ]]; then
239	+ # does not compile without optimization on x86-linux and x86-fbsd
240	+ filter-flags -O0
241	+ is-flagq -O* \|\| append-flags -O1
242	+ fi
243	+
244	+ # Clean out hardcoded flags that openssl uses
245	+ local CFLAG=$(grep ^CFLAG= Makefile \| LC_ALL=C sed \
246	+ -e 's:^CFLAG=::' \
247	+ -e 's:-fomit-frame-pointer ::g' \
248	+ -e 's:-O[0-9] ::g' \
249	+ -e 's:-march=[-a-z0-9]* ::g' \
250	+ -e 's:-mcpu=[-a-z0-9]* ::g' \
251	+ -e 's:-m[a-z0-9]* ::g' \
252	+ )
253	+ # CFLAGS can contain : with e.g. MIPSpro
254	+ sed -i \
255	+ -e "/^CFLAG/s\|=.*\|=${CFLAG} ${CFLAGS}\|" \
256	+ -e "/^SHARED_LDFLAGS=/s\|$\| ${LDFLAGS}\|" \
257	+ Makefile \|\| die
258	+}
259	+
260	+multilib_src_compile() {
261	+ if [[ ${CHOST} == -winnt ]]; then
262	+ ( cd fips && emake -j1 links PERL=$(type -P perl) ) \|\| die "make links in fips failed"
263	+ fi
264	+
265	+ # depend is needed to use $confopts; it also doesn't matter
266	+ # that it's -j1 as the code itself serializes subdirs
267	+ emake -j1 depend
268	+ emake all
269	+ # rehash is needed to prep the certs/ dir; do this
270	+ # separately to avoid parallel build issues.
271	+ emake rehash
272	+}
273	+
274	+multilib_src_test() {
275	+ emake -j1 test
276	+}
277	+
278	+multilib_src_install() {
279	+ emake INSTALL_PREFIX="${D}" install
280	+}
281	+
282	+multilib_src_install_all() {
283	+ # openssl installs perl version of c_rehash by default, but
284	+ # we provide a shell version via app-misc/c_rehash
285	+ rm "${ED}"/usr/bin/c_rehash \|\| die
286	+
287	+ dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
288	+ dohtml -r doc/*
289	+ use rfc3779 && dodoc engines/ccgost/README.gost
290	+
291	+ # This is crappy in that the static archives are still built even
292	+ # when USE=static-libs. But this is due to a failing in the openssl
293	+ # build system: the static archives are built as PIC all the time.
294	+ # Only way around this would be to manually configure+compile openssl
295	+ # twice; once with shared lib support enabled and once without.
296	+ use static-libs \|\| rm -f "${ED}"/usr/lib/lib.a
297	+
298	+ # create the certs directory
299	+ dodir ${SSL_CNF_DIR}/certs
300	+ cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ \|\| die
301	+ rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
302	+
303	+ # Namespace openssl programs to prevent conflicts with other man pages
304	+ cd "${ED}"/usr/share/man
305	+ local m d s
306	+ for m in $(find . -type f \| xargs grep -L '#include') ; do
307	+ d=${m%/} ; d=${d#./} ; m=${m##/}
308	+ [[ ${m} == openssl.1* ]] && continue
309	+ [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
310	+ mv ${d}/{,ssl-}${m}
311	+ # fix up references to renamed man pages
312	+ sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
313	+ ln -s ssl-${m} ${d}/openssl-${m}
314	+ # locate any symlinks that point to this man page ... we assume
315	+ # that any broken links are due to the above renaming
316	+ for s in $(find -L ${d} -type l) ; do
317	+ s=${s##*/}
318	+ rm -f ${d}/${s}
319	+ ln -s ssl-${m} ${d}/ssl-${s}
320	+ ln -s ssl-${s} ${d}/openssl-${s}
321	+ done
322	+ done
323	+ [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
324	+
325	+ dodir /etc/sandbox.d #254521
326	+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
327	+
328	+ diropts -m0700
329	+ keepdir ${SSL_CNF_DIR}/private
330	+}
331	+
332	+pkg_preinst() {
333	+ has_version ${CATEGORY}/${PN}:0.9.8 && return 0
334	+ preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 0.9.8)
335	+}
336	+
337	+pkg_postinst() {
338	+ ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
339	+ c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
340	+ eend $?
341	+
342	+ has_version ${CATEGORY}/${PN}:0.9.8 && return 0
343	+ preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 0.9.8)
344	+}

Gentoo Archives: gentoo-commits