[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
Date:	Fri, 08 May 2020 23:28:07
Message-Id:	`1588980474.55191829ad11e7f0e48e90e0a3e80c1b9f418d9b.whissi@gentoo`

1

commit:     55191829ad11e7f0e48e90e0a3e80c1b9f418d9b

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Fri May  8 23:27:36 2020 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Fri May  8 23:27:54 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55191829

7

8

dev-libs/openssl-compat: use versioned symbols for OpenSSL binary compatibility

9

10

Closes: https://bugs.gentoo.org/720226

11

Package-Manager: Portage-2.3.99, Repoman-2.3.22

12

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

13

14

 dev-libs/openssl-compat/Manifest                   |   1 +

15

 .../openssl-compat/openssl-compat-1.0.2u-r1.ebuild | 249 +++++++++++++++++++++

16

 2 files changed, 250 insertions(+)

17

18

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest

19

index f8e304a6376..1d79926b78f 100644

20

--- a/dev-libs/openssl-compat/Manifest

21

+++ b/dev-libs/openssl-compat/Manifest

22

@@ -2,3 +2,4 @@ DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b384

23

 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659

24

 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6

25

 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32

26

+DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9

27

28

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild

29

new file mode 100644

30

index 00000000000..2885b3e2a41

31

--- /dev/null

32

+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild

33

@@ -0,0 +1,249 @@

34

+# Copyright 1999-2020 Gentoo Authors

35

+# Distributed under the terms of the GNU General Public License v2

36

+

37

+EAPI="7"

38

+

39

+inherit flag-o-matic toolchain-funcs multilib multilib-minimal

40

+

41

+# openssl-1.0.2-patches-1.6 contain additional CVE patches

42

+# which got fixed with this release.

43

+# Please use 1.7 version number when rolling a new tarball!

44

+PATCH_SET="openssl-1.0.2-patches-1.5"

45

+

46

+MY_P=openssl-${PV/_/-}

47

+

48

+# This patch set is based on the following files from Fedora 25,

49

+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec

50

+# for more details:

51

+# - hobble-openssl (SOURCE1)

52

+# - ec_curve.c (SOURCE12) -- MODIFIED

53

+# - ectest.c (SOURCE13)

54

+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED

55

+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"

56

+

57

+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"

58

+HOMEPAGE="https://www.openssl.org/"

59

+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz

60

+	bindist? (

61

+		mirror://gentoo/${BINDIST_PATCH_SET}

62

+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}

63

+	)

64

+	!vanilla? (

65

+		mirror://gentoo/${PATCH_SET}.tar.xz

66

+		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz

67

+		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz

68

+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz

69

+	)

70

+	https://dev.gentoo.org/~whissi/dist/openssl/openssl-compat-1.0.2u-versioned-symbols.patch.gz"

71

+

72

+LICENSE="openssl"

73

+SLOT="1.0.0"

74

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"

75

+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"

76

+

77

+RESTRICT="!bindist? ( bindist )

78

+	test"

79

+

80

+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

81

+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )

82

+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

83

+	!=dev-libs/openssl-1.0.2*:0

84

+	!dev-libs/openssl:1.0.0"

85

+DEPEND="${RDEPEND}"

86

+BDEPEND="

87

+	>=dev-lang/perl-5

88

+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )

89

+	test? (

90

+		sys-apps/diffutils

91

+		sys-devel/bc

92

+	)"

93

+

94

+# Do not install any docs

95

+DOCS=()

96

+

97

+S="${WORKDIR}/${MY_P}"

98

+

99

+MULTILIB_WRAPPED_HEADERS=(

100

+	usr/include/openssl/opensslconf.h

101

+)

102

+

103

+src_prepare() {

104

+	mv "${WORKDIR}"/openssl-compat-1.0.2u-versioned-symbols.patch "${WORKDIR}"/patch || die

105

+

106

+	if use bindist; then

107

+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die

108

+		bash "${WORKDIR}"/hobble-openssl || die

109

+

110

+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die

111

+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die

112

+

113

+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch

114

+

115

+		# Also see the configure parts below:

116

+		# enable-ec \

117

+		# $(use_ssl !bindist ec2m) \

118

+		# $(use_ssl !bindist srp) \

119

+	fi

120

+

121

+	# keep this in sync with app-misc/c_rehash

122

+	SSL_CNF_DIR="/etc/ssl"

123

+

124

+	# Make sure we only ever touch Makefile.org and avoid patching a file

125

+	# that gets blown away anyways by the Configure script in src_configure

126

+	rm -f Makefile

127

+

128

+	if ! use vanilla ; then

129

+		eapply "${WORKDIR}"/patch/*.patch

130

+	fi

131

+

132

+	eapply_user

133

+

134

+	# disable fips in the build

135

+	# make sure the man pages are suffixed #302165

136

+	# don't bother building man pages if they're disabled

137

+	sed -i \

138

+		-e '/DIRS/s: fips : :g' \

139

+		-e '/^MANSUFFIX/s:=.*:=ssl:' \

140

+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \

141

+		-e $(has noman FEATURES \

142

+			&& echo '/^install:/s:install_docs::' \

143

+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \

144

+		Makefile.org \

145

+		|| die

146

+	# show the actual commands in the log

147

+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared

148

+

149

+	# since we're forcing $(CC) as makedep anyway, just fix

150

+	# the conditional as always-on

151

+	# helps clang (#417795), and versioned gcc (#499818)

152

+	# this breaks build with 1.0.2p, not sure if it is needed anymore

153

+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die

154

+

155

+	# quiet out unknown driver argument warnings since openssl

156

+	# doesn't have well-split CFLAGS and we're making it even worse

157

+	# and 'make depend' uses -Werror for added fun (#417795 again)

158

+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments

159

+

160

+	# allow openssl to be cross-compiled

161

+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die

162

+	chmod a+rx gentoo.config || die

163

+

164

+	append-flags -fno-strict-aliasing

165

+	append-flags $(test-flags-CC -Wa,--noexecstack)

166

+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS

167

+

168

+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906

169

+	# The config script does stupid stuff to prompt the user.  Kill it.

170

+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die

171

+	./config --test-sanity || die "I AM NOT SANE"

172

+

173

+	multilib_copy_sources

174

+}

175

+

176

+multilib_src_configure() {

177

+	unset APPS #197996

178

+	unset SCRIPTS #312551

179

+	unset CROSS_COMPILE #311473

180

+

181

+	tc-export CC AR RANLIB RC

182

+

183

+	# Clean out patent-or-otherwise-encumbered code

184

+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)

185

+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

186

+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography

187

+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2

188

+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5

189

+

190

+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }

191

+	echoit() { echo "$@" ; "$@" ; }

192

+

193

+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")

194

+

195

+	# See if our toolchain supports __uint128_t.  If so, it's 64bit

196

+	# friendly and can use the nicely optimized code paths. #460790

197

+	local ec_nistp_64_gcc_128

198

+	# Disable it for now though #469976

199

+	#if ! use bindist ; then

200

+	#	echo "__uint128_t i;" > "${T}"/128.c

201

+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then

202

+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"

203

+	#	fi

204

+	#fi

205

+

206

+	# https://github.com/openssl/openssl/issues/2286

207

+	if use ia64 ; then

208

+		replace-flags -g3 -g2

209

+		replace-flags -ggdb3 -ggdb2

210

+	fi

211

+

212

+	local sslout=$(./gentoo.config)

213

+	einfo "Use configuration ${sslout:-(openssl knows best)}"

214

+	local config="Configure"

215

+	[[ -z ${sslout} ]] && config="config"

216

+

217

+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'

218

+	# Make sure user flags don't get added *yet* to avoid duplicated

219

+	# flags.

220

+	CFLAGS= LDFLAGS= echoit \

221

+	./${config} \

222

+		${sslout} \

223

+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \

224

+		enable-camellia \

225

+		enable-ec \

226

+		$(use_ssl !bindist ec2m) \

227

+		$(use_ssl !bindist srp) \

228

+		${ec_nistp_64_gcc_128} \

229

+		enable-idea \

230

+		enable-mdc2 \

231

+		enable-rc5 \

232

+		enable-tlsext \

233

+		$(use_ssl asm) \

234

+		$(use_ssl gmp gmp -lgmp) \

235

+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \

236

+		$(use_ssl rfc3779) \

237

+		$(use_ssl sctp) \

238

+		$(use_ssl sslv2 ssl2) \

239

+		$(use_ssl sslv3 ssl3) \

240

+		$(use_ssl tls-heartbeat heartbeats) \

241

+		$(use_ssl zlib) \

242

+		--prefix="${EPREFIX}"/usr \

243

+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \

244

+		--libdir=$(get_libdir) \

245

+		shared threads \

246

+		|| die

247

+

248

+	# Clean out hardcoded flags that openssl uses

249

+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \

250

+		-e 's:^CFLAG=::' \

251

+		-e 's:\(^\| \)-fomit-frame-pointer::g' \

252

+		-e 's:\(^\| \)-O[^ ]*::g' \

253

+		-e 's:\(^\| \)-march=[^ ]*::g' \

254

+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \

255

+		-e 's:\(^\| \)-m[^ ]*::g' \

256

+		-e 's:^ *::' \

257

+		-e 's: *$::' \

258

+		-e 's: \+: :g' \

259

+		-e 's:\\:\\\\:g'

260

+	)

261

+

262

+	# Now insert clean default flags with user flags

263

+	sed -i \

264

+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \

265

+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \

266

+		Makefile || die

267

+}

268

+

269

+multilib_src_compile() {

270

+	# depend is needed to use $confopts; it also doesn't matter

271

+	# that it's -j1 as the code itself serializes subdirs

272

+	emake -j1 V=1 depend

273

+	emake build_libs

274

+}

275

+

276

+multilib_src_test() {

277

+	emake -j1 test

278

+}

279

+

280

+multilib_src_install() {

281

+	dolib.so lib{crypto,ssl}.so.${SLOT}

282

+}

1	commit: 55191829ad11e7f0e48e90e0a3e80c1b9f418d9b
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Fri May 8 23:27:36 2020 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Fri May 8 23:27:54 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55191829
7
8	dev-libs/openssl-compat: use versioned symbols for OpenSSL binary compatibility
9
10	Closes: https://bugs.gentoo.org/720226
11	Package-Manager: Portage-2.3.99, Repoman-2.3.22
12	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14	dev-libs/openssl-compat/Manifest \| 1 +
15	.../openssl-compat/openssl-compat-1.0.2u-r1.ebuild \| 249 +++++++++++++++++++++
16	2 files changed, 250 insertions(+)
17
18	diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
19	index f8e304a6376..1d79926b78f 100644
20	--- a/dev-libs/openssl-compat/Manifest
21	+++ b/dev-libs/openssl-compat/Manifest
22	@@ -2,3 +2,4 @@ DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b384
23	DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
24	DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
25	DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
26	+DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
27
28	diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
29	new file mode 100644
30	index 00000000000..2885b3e2a41
31	--- /dev/null
32	+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2u-r1.ebuild
33	@@ -0,0 +1,249 @@
34	+# Copyright 1999-2020 Gentoo Authors
35	+# Distributed under the terms of the GNU General Public License v2
36	+
37	+EAPI="7"
38	+
39	+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
40	+
41	+# openssl-1.0.2-patches-1.6 contain additional CVE patches
42	+# which got fixed with this release.
43	+# Please use 1.7 version number when rolling a new tarball!
44	+PATCH_SET="openssl-1.0.2-patches-1.5"
45	+
46	+MY_P=openssl-${PV/_/-}
47	+
48	+# This patch set is based on the following files from Fedora 25,
49	+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
50	+# for more details:
51	+# - hobble-openssl (SOURCE1)
52	+# - ec_curve.c (SOURCE12) -- MODIFIED
53	+# - ectest.c (SOURCE13)
54	+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
55	+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
56	+
57	+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
58	+HOMEPAGE="https://www.openssl.org/"
59	+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
60	+ bindist? (
61	+ mirror://gentoo/${BINDIST_PATCH_SET}
62	+ https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
63	+ )
64	+ !vanilla? (
65	+ mirror://gentoo/${PATCH_SET}.tar.xz
66	+ https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
67	+ https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
68	+ https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
69	+ )
70	+ https://dev.gentoo.org/~whissi/dist/openssl/openssl-compat-1.0.2u-versioned-symbols.patch.gz"
71	+
72	+LICENSE="openssl"
73	+SLOT="1.0.0"
74	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
75	+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
76	+
77	+RESTRICT="!bindist? ( bindist )
78	+ test"
79	+
80	+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
81	+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
82	+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
83	+ !=dev-libs/openssl-1.0.2*:0
84	+ !dev-libs/openssl:1.0.0"
85	+DEPEND="${RDEPEND}"
86	+BDEPEND="
87	+ >=dev-lang/perl-5
88	+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
89	+ test? (
90	+ sys-apps/diffutils
91	+ sys-devel/bc
92	+ )"
93	+
94	+# Do not install any docs
95	+DOCS=()
96	+
97	+S="${WORKDIR}/${MY_P}"
98	+
99	+MULTILIB_WRAPPED_HEADERS=(
100	+ usr/include/openssl/opensslconf.h
101	+)
102	+
103	+src_prepare() {
104	+ mv "${WORKDIR}"/openssl-compat-1.0.2u-versioned-symbols.patch "${WORKDIR}"/patch \|\| die
105	+
106	+ if use bindist; then
107	+ mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" \|\| die
108	+ bash "${WORKDIR}"/hobble-openssl \|\| die
109	+
110	+ cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ \|\| die
111	+ cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ \|\| die
112	+
113	+ eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
114	+
115	+ # Also see the configure parts below:
116	+ # enable-ec \
117	+ # $(use_ssl !bindist ec2m) \
118	+ # $(use_ssl !bindist srp) \
119	+ fi
120	+
121	+ # keep this in sync with app-misc/c_rehash
122	+ SSL_CNF_DIR="/etc/ssl"
123	+
124	+ # Make sure we only ever touch Makefile.org and avoid patching a file
125	+ # that gets blown away anyways by the Configure script in src_configure
126	+ rm -f Makefile
127	+
128	+ if ! use vanilla ; then
129	+ eapply "${WORKDIR}"/patch/*.patch
130	+ fi
131	+
132	+ eapply_user
133	+
134	+ # disable fips in the build
135	+ # make sure the man pages are suffixed #302165
136	+ # don't bother building man pages if they're disabled
137	+ sed -i \
138	+ -e '/DIRS/s: fips : :g' \
139	+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
140	+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
141	+ -e $(has noman FEATURES \
142	+ && echo '/^install:/s:install_docs::' \
143	+ \|\| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
144	+ Makefile.org \
145	+ \|\| die
146	+ # show the actual commands in the log
147	+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
148	+
149	+ # since we're forcing $(CC) as makedep anyway, just fix
150	+ # the conditional as always-on
151	+ # helps clang (#417795), and versioned gcc (#499818)
152	+ # this breaks build with 1.0.2p, not sure if it is needed anymore
153	+ #sed -i 's/expr.MAKEDEPEND.;/true;/' util/domd \|\| die
154	+
155	+ # quiet out unknown driver argument warnings since openssl
156	+ # doesn't have well-split CFLAGS and we're making it even worse
157	+ # and 'make depend' uses -Werror for added fun (#417795 again)
158	+ [[ ${CC} == clang ]] && append-flags -Qunused-arguments
159	+
160	+ # allow openssl to be cross-compiled
161	+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config \|\| die
162	+ chmod a+rx gentoo.config \|\| die
163	+
164	+ append-flags -fno-strict-aliasing
165	+ append-flags $(test-flags-CC -Wa,--noexecstack)
166	+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
167	+
168	+ sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
169	+ # The config script does stupid stuff to prompt the user. Kill it.
170	+ sed -i '/stty -icanon min 0 time 50; read waste/d' config \|\| die
171	+ ./config --test-sanity \|\| die "I AM NOT SANE"
172	+
173	+ multilib_copy_sources
174	+}
175	+
176	+multilib_src_configure() {
177	+ unset APPS #197996
178	+ unset SCRIPTS #312551
179	+ unset CROSS_COMPILE #311473
180	+
181	+ tc-export CC AR RANLIB RC
182	+
183	+ # Clean out patent-or-otherwise-encumbered code
184	+ # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
185	+ # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
186	+ # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
187	+ # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
188	+ # RC5: Expired https://en.wikipedia.org/wiki/RC5
189	+
190	+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
191	+ echoit() { echo "$@" ; "$@" ; }
192	+
193	+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" \|\| echo "Heimdal")
194	+
195	+ # See if our toolchain supports __uint128_t. If so, it's 64bit
196	+ # friendly and can use the nicely optimized code paths. #460790
197	+ local ec_nistp_64_gcc_128
198	+ # Disable it for now though #469976
199	+ #if ! use bindist ; then
200	+ # echo "__uint128_t i;" > "${T}"/128.c
201	+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
202	+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
203	+ # fi
204	+ #fi
205	+
206	+ # https://github.com/openssl/openssl/issues/2286
207	+ if use ia64 ; then
208	+ replace-flags -g3 -g2
209	+ replace-flags -ggdb3 -ggdb2
210	+ fi
211	+
212	+ local sslout=$(./gentoo.config)
213	+ einfo "Use configuration ${sslout:-(openssl knows best)}"
214	+ local config="Configure"
215	+ [[ -z ${sslout} ]] && config="config"
216	+
217	+ # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
218	+ # Make sure user flags don't get added yet to avoid duplicated
219	+ # flags.
220	+ CFLAGS= LDFLAGS= echoit \
221	+ ./${config} \
222	+ ${sslout} \
223	+ $(use cpu_flags_x86_sse2 \|\| echo "no-sse2") \
224	+ enable-camellia \
225	+ enable-ec \
226	+ $(use_ssl !bindist ec2m) \
227	+ $(use_ssl !bindist srp) \
228	+ ${ec_nistp_64_gcc_128} \
229	+ enable-idea \
230	+ enable-mdc2 \
231	+ enable-rc5 \
232	+ enable-tlsext \
233	+ $(use_ssl asm) \
234	+ $(use_ssl gmp gmp -lgmp) \
235	+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
236	+ $(use_ssl rfc3779) \
237	+ $(use_ssl sctp) \
238	+ $(use_ssl sslv2 ssl2) \
239	+ $(use_ssl sslv3 ssl3) \
240	+ $(use_ssl tls-heartbeat heartbeats) \
241	+ $(use_ssl zlib) \
242	+ --prefix="${EPREFIX}"/usr \
243	+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
244	+ --libdir=$(get_libdir) \
245	+ shared threads \
246	+ \|\| die
247	+
248	+ # Clean out hardcoded flags that openssl uses
249	+ local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile \| LC_ALL=C sed \
250	+ -e 's:^CFLAG=::' \
251	+ -e 's:\(^\\| \)-fomit-frame-pointer::g' \
252	+ -e 's:\(^\\| \)-O[^ ]*::g' \
253	+ -e 's:\(^\\| \)-march=[^ ]*::g' \
254	+ -e 's:\(^\\| \)-mcpu=[^ ]*::g' \
255	+ -e 's:\(^\\| \)-m[^ ]*::g' \
256	+ -e 's:^ *::' \
257	+ -e 's: *$::' \
258	+ -e 's: \+: :g' \
259	+ -e 's:\\:\\\\:g'
260	+ )
261	+
262	+ # Now insert clean default flags with user flags
263	+ sed -i \
264	+ -e "/^CFLAG/s\|=.*\|=${DEFAULT_CFLAGS} ${CFLAGS}\|" \
265	+ -e "/^LDFLAGS=/s\|=[[:space:]]*$\|=${LDFLAGS}\|" \
266	+ Makefile \|\| die
267	+}
268	+
269	+multilib_src_compile() {
270	+ # depend is needed to use $confopts; it also doesn't matter
271	+ # that it's -j1 as the code itself serializes subdirs
272	+ emake -j1 V=1 depend
273	+ emake build_libs
274	+}
275	+
276	+multilib_src_test() {
277	+ emake -j1 test
278	+}
279	+
280	+multilib_src_install() {
281	+ dolib.so lib{crypto,ssl}.so.${SLOT}
282	+}

Gentoo Archives: gentoo-commits