1 |
commit: aa841f0b9685d21a4b7f519a6dc2e5cea155c36c |
2 |
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Nov 2 19:06:27 2015 +0000 |
4 |
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Nov 2 19:06:27 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=aa841f0b |
7 |
|
8 |
dev-libs/openssl: sync, bug #564012 |
9 |
|
10 |
Package-Manager: portage-2.2.20-prefix |
11 |
|
12 |
dev-libs/openssl/openssl-1.0.2d-r2.ebuild | 324 ++++++++++++++++++++++++++++++ |
13 |
1 file changed, 324 insertions(+) |
14 |
|
15 |
diff --git a/dev-libs/openssl/openssl-1.0.2d-r2.ebuild b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild |
16 |
new file mode 100644 |
17 |
index 0000000..28ade0c |
18 |
--- /dev/null |
19 |
+++ b/dev-libs/openssl/openssl-1.0.2d-r2.ebuild |
20 |
@@ -0,0 +1,324 @@ |
21 |
+# Copyright 1999-2015 Gentoo Foundation |
22 |
+# Distributed under the terms of the GNU General Public License v2 |
23 |
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2d.ebuild,v 1.2 2015/07/10 06:08:30 vapier Exp $ |
24 |
+ |
25 |
+EAPI="4" |
26 |
+ |
27 |
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
28 |
+ |
29 |
+MY_P=${P/_/-} |
30 |
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
31 |
+HOMEPAGE="http://www.openssl.org/" |
32 |
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" |
33 |
+ |
34 |
+LICENSE="openssl" |
35 |
+SLOT="0" |
36 |
+KEYWORDS="~ppc-aix ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
37 |
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib" |
38 |
+RESTRICT="!bindist? ( bindist )" |
39 |
+ |
40 |
+# The blocks are temporary just to make sure people upgrade to a |
41 |
+# version that lack runtime version checking. We'll drop them in |
42 |
+# the future. |
43 |
+RDEPEND=">=app-misc/c_rehash-1.7-r1 |
44 |
+ gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
45 |
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) |
46 |
+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] ) |
47 |
+ abi_x86_32? ( |
48 |
+ !<=app-emulation/emul-linux-x86-baselibs-20140508 |
49 |
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] |
50 |
+ ) |
51 |
+ !<net-misc/openssh-5.9_p1-r4 |
52 |
+ !<net-libs/neon-0.29.6-r1" |
53 |
+DEPEND="${RDEPEND} |
54 |
+ sys-apps/diffutils |
55 |
+ >=dev-lang/perl-5 |
56 |
+ sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
57 |
+ test? ( sys-devel/bc )" |
58 |
+PDEPEND="app-misc/ca-certificates" |
59 |
+ |
60 |
+S="${WORKDIR}/${MY_P}" |
61 |
+ |
62 |
+MULTILIB_WRAPPED_HEADERS=( |
63 |
+ usr/include/openssl/opensslconf.h |
64 |
+) |
65 |
+ |
66 |
+src_prepare() { |
67 |
+ # keep this in sync with app-misc/c_rehash |
68 |
+ SSL_CNF_DIR="/etc/ssl" |
69 |
+ |
70 |
+ # Make sure we only ever touch Makefile.org and avoid patching a file |
71 |
+ # that gets blown away anyways by the Configure script in src_configure |
72 |
+ rm -f Makefile |
73 |
+ |
74 |
+ if ! use vanilla ; then |
75 |
+ epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 |
76 |
+ epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 |
77 |
+ epatch "${FILESDIR}"/${PN}-1.0.2d-parallel-build.patch |
78 |
+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch |
79 |
+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch |
80 |
+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028 |
81 |
+ epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch |
82 |
+ epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618 |
83 |
+ epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338 |
84 |
+ |
85 |
+ epatch_user #332661 |
86 |
+ fi |
87 |
+ |
88 |
+ # disable fips in the build |
89 |
+ # make sure the man pages are suffixed #302165 |
90 |
+ # don't bother building man pages if they're disabled |
91 |
+ sed -i \ |
92 |
+ -e '/DIRS/s: fips : :g' \ |
93 |
+ -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
94 |
+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
95 |
+ -e $(has noman FEATURES \ |
96 |
+ && echo '/^install:/s:install_docs::' \ |
97 |
+ || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
98 |
+ Makefile.org \ |
99 |
+ || die |
100 |
+ # show the actual commands in the log |
101 |
+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared |
102 |
+ |
103 |
+ # avoid using /bin/sh because it's fragile on some platforms (Solaris) |
104 |
+ sed -i -e "/SHELL=/s:=.*$:=${CONFIG_SHELL:-${BASH}}:" Makefile.org || die |
105 |
+ sed -i -e "1a\SHELL=${CONFIG_SHELL:-${BASH}}" Makefile.shared || die |
106 |
+ |
107 |
+ epatch "${FILESDIR}"/${PN}-0.9.8g-engines-installnames.patch |
108 |
+ epatch "${FILESDIR}"/${PN}-1.0.0a-interix.patch |
109 |
+ epatch "${FILESDIR}"/${PN}-1.0.0a-mint.patch |
110 |
+ epatch "${FILESDIR}"/${PN}-1.0.2a-aix-soname.patch # like libtool |
111 |
+ epatch "${FILESDIR}"/${PN}-1.0.0b-darwin-bundle-compile-fix.patch |
112 |
+ epatch "${FILESDIR}"/${PN}-1.0.2-gethostbyname2-solaris.patch |
113 |
+ if [[ ${CHOST} == *-interix* ]] ; then |
114 |
+ sed -i -e 's/-Wl,-soname=/-Wl,-h -Wl,/' Makefile.shared || die |
115 |
+ fi |
116 |
+ |
117 |
+ # again, this windows patch should not do any harm to others, but |
118 |
+ # header files are copied instead of linked now, so leave it conditional. |
119 |
+ [[ ${CHOST} == *-winnt* ]] && epatch "${FILESDIR}"/${PN}-0.9.8k-winnt.patch |
120 |
+ |
121 |
+ # remove -arch for darwin |
122 |
+ sed -i '/^"darwin/s,-arch [^ ]\+,,g' Configure || die |
123 |
+ |
124 |
+ # since we're forcing $(CC) as makedep anyway, just fix |
125 |
+ # the conditional as always-on |
126 |
+ # helps clang (#417795), and versioned gcc (#499818) |
127 |
+ sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die |
128 |
+ |
129 |
+ # quiet out unknown driver argument warnings since openssl |
130 |
+ # doesn't have well-split CFLAGS and we're making it even worse |
131 |
+ # and 'make depend' uses -Werror for added fun (#417795 again) |
132 |
+ [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
133 |
+ |
134 |
+ # allow openssl to be cross-compiled |
135 |
+ cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die |
136 |
+ chmod a+rx gentoo.config |
137 |
+ |
138 |
+ append-flags -fno-strict-aliasing |
139 |
+ append-flags $(test-flags-CC -Wa,--noexecstack) |
140 |
+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
141 |
+ |
142 |
+ # avoid waiting on terminal input forever when spitting |
143 |
+ # 64bit warning message. |
144 |
+ [[ ${CHOST} == *-hpux* ]] && sed -i -e 's,stty,true,g' -e 's,read waste,true,g' config |
145 |
+ |
146 |
+ # Upstream insists that the GNU assembler fails, so insist on calling the |
147 |
+ # vendor assembler. However, I find otherwise. At least on Solaris-9 |
148 |
+ # --darkside (26 Aug 2008) |
149 |
+ if [[ ${CHOST} == sparc-sun-solaris2.9 ]]; then |
150 |
+ sed -i -e "s:/usr/ccs/bin/::" crypto/bn/Makefile || die "sed failed" |
151 |
+ fi |
152 |
+ |
153 |
+ # type -P required on platforms where perl is not installed |
154 |
+ # in the same prefix (prefix-chaining). |
155 |
+ sed -i '1s,^:$,#!'"$(type -P perl)"',' Configure || die #141906 |
156 |
+ sed -i '1s/perl5/perl/' tools/c_rehash || die #308455 |
157 |
+ |
158 |
+ # The config script does stupid stuff to prompt the user. Kill it. |
159 |
+ sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
160 |
+ ./config -t --test-sanity || die "I AM NOT SANE" |
161 |
+ |
162 |
+ multilib_copy_sources |
163 |
+} |
164 |
+ |
165 |
+multilib_src_configure() { |
166 |
+ unset APPS #197996 |
167 |
+ unset SCRIPTS #312551 |
168 |
+ unset CROSS_COMPILE #311473 |
169 |
+ |
170 |
+ tc-export CC AR RANLIB RC |
171 |
+ |
172 |
+ # Clean out patent-or-otherwise-encumbered code |
173 |
+ # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) |
174 |
+ # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm |
175 |
+ # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography |
176 |
+ # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 |
177 |
+ # RC5: Expired http://en.wikipedia.org/wiki/RC5 |
178 |
+ |
179 |
+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
180 |
+ echoit() { echo "$@" ; "$@" ; } |
181 |
+ |
182 |
+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
183 |
+ |
184 |
+ case $CHOST in |
185 |
+ sparc*-sun-solaris*) |
186 |
+ # openssl doesn't grok this setup, and guesses |
187 |
+ # the architecture wrong causing segfaults, |
188 |
+ # just disable asm for now |
189 |
+ # FIXME: I need to report this upstream |
190 |
+ confopts="${confopts} no-asm" |
191 |
+ ;; |
192 |
+ *-aix*) |
193 |
+ # symbols in asm file aren't exported for yet unknown reason |
194 |
+ confopts="${confopts} no-asm" |
195 |
+ ;; |
196 |
+ esac |
197 |
+ |
198 |
+ # See if our toolchain supports __uint128_t. If so, it's 64bit |
199 |
+ # friendly and can use the nicely optimized code paths. #460790 |
200 |
+ local ec_nistp_64_gcc_128 |
201 |
+ # Disable it for now though #469976 |
202 |
+ #if ! use bindist ; then |
203 |
+ # echo "__uint128_t i;" > "${T}"/128.c |
204 |
+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
205 |
+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
206 |
+ # fi |
207 |
+ #fi |
208 |
+ |
209 |
+ local sslout=$(./gentoo.config) |
210 |
+ einfo "Use configuration ${sslout:-(openssl knows best)}" |
211 |
+ local config="Configure" |
212 |
+ [[ -z ${sslout} ]] && config="config" |
213 |
+ |
214 |
+ echoit \ |
215 |
+ ./${config} \ |
216 |
+ ${sslout} \ |
217 |
+ $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
218 |
+ enable-camellia \ |
219 |
+ $(use_ssl !bindist ec) \ |
220 |
+ ${ec_nistp_64_gcc_128} \ |
221 |
+ enable-idea \ |
222 |
+ enable-mdc2 \ |
223 |
+ enable-rc5 \ |
224 |
+ enable-tlsext \ |
225 |
+ $(use_ssl asm) \ |
226 |
+ $(use_ssl gmp gmp -lgmp) \ |
227 |
+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ |
228 |
+ $(use_ssl rfc3779) \ |
229 |
+ $(use_ssl sctp) \ |
230 |
+ $(use_ssl tls-heartbeat heartbeats) \ |
231 |
+ $(use_ssl zlib) \ |
232 |
+ --prefix="${EPREFIX}"/usr \ |
233 |
+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
234 |
+ --libdir=$(get_libdir) \ |
235 |
+ shared threads ${confopts} \ |
236 |
+ || die |
237 |
+ |
238 |
+ if [[ ${CHOST} == i?86*-*-linux* || ${CHOST} == i?86*-*-freebsd* ]]; then |
239 |
+ # does not compile without optimization on x86-linux and x86-fbsd |
240 |
+ filter-flags -O0 |
241 |
+ is-flagq -O* || append-flags -O1 |
242 |
+ fi |
243 |
+ |
244 |
+ # Clean out hardcoded flags that openssl uses |
245 |
+ local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ |
246 |
+ -e 's:^CFLAG=::' \ |
247 |
+ -e 's:-fomit-frame-pointer ::g' \ |
248 |
+ -e 's:-O[0-9] ::g' \ |
249 |
+ -e 's:-march=[-a-z0-9]* ::g' \ |
250 |
+ -e 's:-mcpu=[-a-z0-9]* ::g' \ |
251 |
+ -e 's:-m[a-z0-9]* ::g' \ |
252 |
+ ) |
253 |
+ # CFLAGS can contain : with e.g. MIPSpro |
254 |
+ sed -i \ |
255 |
+ -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ |
256 |
+ -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ |
257 |
+ Makefile || die |
258 |
+} |
259 |
+ |
260 |
+multilib_src_compile() { |
261 |
+ if [[ ${CHOST} == *-winnt* ]]; then |
262 |
+ ( cd fips && emake -j1 links PERL=$(type -P perl) ) || die "make links in fips failed" |
263 |
+ fi |
264 |
+ |
265 |
+ # depend is needed to use $confopts; it also doesn't matter |
266 |
+ # that it's -j1 as the code itself serializes subdirs |
267 |
+ emake -j1 depend |
268 |
+ emake all |
269 |
+ # rehash is needed to prep the certs/ dir; do this |
270 |
+ # separately to avoid parallel build issues. |
271 |
+ emake rehash |
272 |
+} |
273 |
+ |
274 |
+multilib_src_test() { |
275 |
+ emake -j1 test |
276 |
+} |
277 |
+ |
278 |
+multilib_src_install() { |
279 |
+ emake INSTALL_PREFIX="${D}" install |
280 |
+} |
281 |
+ |
282 |
+multilib_src_install_all() { |
283 |
+ # openssl installs perl version of c_rehash by default, but |
284 |
+ # we provide a shell version via app-misc/c_rehash |
285 |
+ rm "${ED}"/usr/bin/c_rehash || die |
286 |
+ |
287 |
+ dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
288 |
+ dohtml -r doc/* |
289 |
+ use rfc3779 && dodoc engines/ccgost/README.gost |
290 |
+ |
291 |
+ # This is crappy in that the static archives are still built even |
292 |
+ # when USE=static-libs. But this is due to a failing in the openssl |
293 |
+ # build system: the static archives are built as PIC all the time. |
294 |
+ # Only way around this would be to manually configure+compile openssl |
295 |
+ # twice; once with shared lib support enabled and once without. |
296 |
+ use static-libs || rm -f "${ED}"/usr/lib*/lib*.a |
297 |
+ |
298 |
+ # create the certs directory |
299 |
+ dodir ${SSL_CNF_DIR}/certs |
300 |
+ cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die |
301 |
+ rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} |
302 |
+ |
303 |
+ # Namespace openssl programs to prevent conflicts with other man pages |
304 |
+ cd "${ED}"/usr/share/man |
305 |
+ local m d s |
306 |
+ for m in $(find . -type f | xargs grep -L '#include') ; do |
307 |
+ d=${m%/*} ; d=${d#./} ; m=${m##*/} |
308 |
+ [[ ${m} == openssl.1* ]] && continue |
309 |
+ [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
310 |
+ mv ${d}/{,ssl-}${m} |
311 |
+ # fix up references to renamed man pages |
312 |
+ sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
313 |
+ ln -s ssl-${m} ${d}/openssl-${m} |
314 |
+ # locate any symlinks that point to this man page ... we assume |
315 |
+ # that any broken links are due to the above renaming |
316 |
+ for s in $(find -L ${d} -type l) ; do |
317 |
+ s=${s##*/} |
318 |
+ rm -f ${d}/${s} |
319 |
+ ln -s ssl-${m} ${d}/ssl-${s} |
320 |
+ ln -s ssl-${s} ${d}/openssl-${s} |
321 |
+ done |
322 |
+ done |
323 |
+ [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
324 |
+ |
325 |
+ dodir /etc/sandbox.d #254521 |
326 |
+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
327 |
+ |
328 |
+ diropts -m0700 |
329 |
+ keepdir ${SSL_CNF_DIR}/private |
330 |
+} |
331 |
+ |
332 |
+pkg_preinst() { |
333 |
+ has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
334 |
+ preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 0.9.8) |
335 |
+} |
336 |
+ |
337 |
+pkg_postinst() { |
338 |
+ ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
339 |
+ c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null |
340 |
+ eend $? |
341 |
+ |
342 |
+ has_version ${CATEGORY}/${PN}:0.9.8 && return 0 |
343 |
+ preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 0.9.8) |
344 |
+} |