[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
Date:	Tue, 03 May 2016 14:18:16
Message-Id:	`1462285087.0fc41733455bf6bb5b5154804c39d5ab2cb68974.polynomial-c@gentoo`

1

commit:     0fc41733455bf6bb5b5154804c39d5ab2cb68974

2

Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

3

AuthorDate: Tue May  3 14:17:34 2016 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Tue May  3 14:18:07 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fc41733

7

8

dev-libs/openssl: Security bump to version 1.0.2h

9

10

Package-Manager: portage-2.2.28

11

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

12

13

 dev-libs/openssl/Manifest              |   1 +

14

 dev-libs/openssl/openssl-1.0.2h.ebuild | 259 +++++++++++++++++++++++++++++++++

15

 2 files changed, 260 insertions(+)

16

17

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest

18

index 6eb6a35..e2c25ea 100644

19

--- a/dev-libs/openssl/Manifest

20

+++ b/dev-libs/openssl/Manifest

21

@@ -1,3 +1,4 @@

22

 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf

23

 DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9

24

 DIST openssl-1.0.2g.tar.gz 5266102 SHA256 b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33 SHA512 4d96b6c8a232203483d6e8bee81da01ba10977bfbac92f25304a36dec9ea584b7ef917bc45e097cc7dbe681d71a4570d649c22244c178393ae91fab48323f735 WHIRLPOOL aedbd82af0a550e8329a84312fae492f3bb3cb04af763fc9ef532099b2b2e61a55e4a7cfb06085f045740e2b692bbdb3ecb8bf5ca82f46325c3caf22d2317ffb

25

+DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6

26

27

diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild

28

new file mode 100644

29

index 0000000..d50d0af

30

--- /dev/null

31

+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild

32

@@ -0,0 +1,259 @@

33

+# Copyright 1999-2016 Gentoo Foundation

34

+# Distributed under the terms of the GNU General Public License v2

35

+# $Id$

36

+

37

+EAPI=5

38

+

39

+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal

40

+

41

+MY_P=${P/_/-}

42

+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"

43

+HOMEPAGE="http://www.openssl.org/"

44

+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"

45

+

46

+LICENSE="openssl"

47

+# subslot set to 1.0.2g version as this is the first release without SSLv2

48

+# support and thus breaks nearly every openssl consumer (see bug #575548)

49

+SLOT="0"

50

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"

51

+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"

52

+RESTRICT="!bindist? ( bindist )"

53

+

54

+RDEPEND=">=app-misc/c_rehash-1.7-r1

55

+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

56

+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

57

+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"

58

+DEPEND="${RDEPEND}

59

+	>=dev-lang/perl-5

60

+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )

61

+	test? (

62

+		sys-apps/diffutils

63

+		sys-devel/bc

64

+	)"

65

+PDEPEND="app-misc/ca-certificates"

66

+

67

+S="${WORKDIR}/${MY_P}"

68

+

69

+MULTILIB_WRAPPED_HEADERS=(

70

+	usr/include/openssl/opensslconf.h

71

+)

72

+

73

+src_prepare() {

74

+	# keep this in sync with app-misc/c_rehash

75

+	SSL_CNF_DIR="/etc/ssl"

76

+

77

+	# Make sure we only ever touch Makefile.org and avoid patching a file

78

+	# that gets blown away anyways by the Configure script in src_configure

79

+	rm -f Makefile

80

+

81

+	if ! use vanilla ; then

82

+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421

83

+		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743

84

+		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch

85

+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch

86

+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch

87

+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028

88

+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch

89

+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618

90

+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338

91

+

92

+		epatch_user #332661

93

+	fi

94

+

95

+	# disable fips in the build

96

+	# make sure the man pages are suffixed #302165

97

+	# don't bother building man pages if they're disabled

98

+	sed -i \

99

+		-e '/DIRS/s: fips : :g' \

100

+		-e '/^MANSUFFIX/s:=.*:=ssl:' \

101

+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \

102

+		-e $(has noman FEATURES \

103

+			&& echo '/^install:/s:install_docs::' \

104

+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \

105

+		Makefile.org \

106

+		|| die

107

+	# show the actual commands in the log

108

+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared

109

+

110

+	# since we're forcing $(CC) as makedep anyway, just fix

111

+	# the conditional as always-on

112

+	# helps clang (#417795), and versioned gcc (#499818)

113

+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die

114

+

115

+	# quiet out unknown driver argument warnings since openssl

116

+	# doesn't have well-split CFLAGS and we're making it even worse

117

+	# and 'make depend' uses -Werror for added fun (#417795 again)

118

+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments

119

+

120

+	# allow openssl to be cross-compiled

121

+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die

122

+	chmod a+rx gentoo.config

123

+

124

+	append-flags -fno-strict-aliasing

125

+	append-flags $(test-flags-CC -Wa,--noexecstack)

126

+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS

127

+

128

+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906

129

+	# The config script does stupid stuff to prompt the user.  Kill it.

130

+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die

131

+	./config --test-sanity || die "I AM NOT SANE"

132

+

133

+	multilib_copy_sources

134

+}

135

+

136

+multilib_src_configure() {

137

+	unset APPS #197996

138

+	unset SCRIPTS #312551

139

+	unset CROSS_COMPILE #311473

140

+

141

+	tc-export CC AR RANLIB RC

142

+

143

+	# Clean out patent-or-otherwise-encumbered code

144

+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)

145

+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

146

+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography

147

+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2

148

+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5

149

+

150

+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }

151

+	echoit() { echo "$@" ; "$@" ; }

152

+

153

+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")

154

+

155

+	# See if our toolchain supports __uint128_t.  If so, it's 64bit

156

+	# friendly and can use the nicely optimized code paths. #460790

157

+	local ec_nistp_64_gcc_128

158

+	# Disable it for now though #469976

159

+	#if ! use bindist ; then

160

+	#	echo "__uint128_t i;" > "${T}"/128.c

161

+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then

162

+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"

163

+	#	fi

164

+	#fi

165

+

166

+	local sslout=$(./gentoo.config)

167

+	einfo "Use configuration ${sslout:-(openssl knows best)}"

168

+	local config="Configure"

169

+	[[ -z ${sslout} ]] && config="config"

170

+

171

+	echoit \

172

+	./${config} \

173

+		${sslout} \

174

+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \

175

+		enable-camellia \

176

+		$(use_ssl !bindist ec) \

177

+		${ec_nistp_64_gcc_128} \

178

+		enable-idea \

179

+		enable-mdc2 \

180

+		enable-rc5 \

181

+		enable-tlsext \

182

+		enable-ssl2 \

183

+		$(use_ssl asm) \

184

+		$(use_ssl gmp gmp -lgmp) \

185

+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \

186

+		$(use_ssl rfc3779) \

187

+		$(use_ssl sctp) \

188

+		$(use_ssl tls-heartbeat heartbeats) \

189

+		$(use_ssl zlib) \

190

+		--prefix="${EPREFIX}"/usr \

191

+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \

192

+		--libdir=$(get_libdir) \

193

+		shared threads \

194

+		|| die

195

+

196

+	# Clean out hardcoded flags that openssl uses

197

+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \

198

+		-e 's:^CFLAG=::' \

199

+		-e 's:-fomit-frame-pointer ::g' \

200

+		-e 's:-O[0-9] ::g' \

201

+		-e 's:-march=[-a-z0-9]* ::g' \

202

+		-e 's:-mcpu=[-a-z0-9]* ::g' \

203

+		-e 's:-m[a-z0-9]* ::g' \

204

+	)

205

+	sed -i \

206

+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \

207

+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \

208

+		Makefile || die

209

+}

210

+

211

+multilib_src_compile() {

212

+	# depend is needed to use $confopts; it also doesn't matter

213

+	# that it's -j1 as the code itself serializes subdirs

214

+	emake -j1 depend

215

+	emake all

216

+	# rehash is needed to prep the certs/ dir; do this

217

+	# separately to avoid parallel build issues.

218

+	emake rehash

219

+}

220

+

221

+multilib_src_test() {

222

+	emake -j1 test

223

+}

224

+

225

+multilib_src_install() {

226

+	emake INSTALL_PREFIX="${D}" install

227

+}

228

+

229

+multilib_src_install_all() {

230

+	# openssl installs perl version of c_rehash by default, but

231

+	# we provide a shell version via app-misc/c_rehash

232

+	rm "${ED}"/usr/bin/c_rehash || die

233

+

234

+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el

235

+	dohtml -r doc/*

236

+	use rfc3779 && dodoc engines/ccgost/README.gost

237

+

238

+	# This is crappy in that the static archives are still built even

239

+	# when USE=static-libs.  But this is due to a failing in the openssl

240

+	# build system: the static archives are built as PIC all the time.

241

+	# Only way around this would be to manually configure+compile openssl

242

+	# twice; once with shared lib support enabled and once without.

243

+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a

244

+

245

+	# create the certs directory

246

+	dodir ${SSL_CNF_DIR}/certs

247

+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die

248

+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}

249

+

250

+	# Namespace openssl programs to prevent conflicts with other man pages

251

+	cd "${ED}"/usr/share/man

252

+	local m d s

253

+	for m in $(find . -type f | xargs grep -L '#include') ; do

254

+		d=${m%/*} ; d=${d#./} ; m=${m##*/}

255

+		[[ ${m} == openssl.1* ]] && continue

256

+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"

257

+		mv ${d}/{,ssl-}${m}

258

+		# fix up references to renamed man pages

259

+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}

260

+		ln -s ssl-${m} ${d}/openssl-${m}

261

+		# locate any symlinks that point to this man page ... we assume

262

+		# that any broken links are due to the above renaming

263

+		for s in $(find -L ${d} -type l) ; do

264

+			s=${s##*/}

265

+			rm -f ${d}/${s}

266

+			ln -s ssl-${m} ${d}/ssl-${s}

267

+			ln -s ssl-${s} ${d}/openssl-${s}

268

+		done

269

+	done

270

+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("

271

+

272

+	dodir /etc/sandbox.d #254521

273

+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl

274

+

275

+	diropts -m0700

276

+	keepdir ${SSL_CNF_DIR}/private

277

+}

278

+

279

+pkg_preinst() {

280

+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0

281

+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8

282

+}

283

+

284

+pkg_postinst() {

285

+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"

286

+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null

287

+	eend $?

288

+

289

+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0

290

+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8

291

+}

1	commit: 0fc41733455bf6bb5b5154804c39d5ab2cb68974
2	Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3	AuthorDate: Tue May 3 14:17:34 2016 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Tue May 3 14:18:07 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fc41733
7
8	dev-libs/openssl: Security bump to version 1.0.2h
9
10	Package-Manager: portage-2.2.28
11	Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13	dev-libs/openssl/Manifest \| 1 +
14	dev-libs/openssl/openssl-1.0.2h.ebuild \| 259 +++++++++++++++++++++++++++++++++
15	2 files changed, 260 insertions(+)
16
17	diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
18	index 6eb6a35..e2c25ea 100644
19	--- a/dev-libs/openssl/Manifest
20	+++ b/dev-libs/openssl/Manifest
21	@@ -1,3 +1,4 @@
22	DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
23	DIST openssl-1.0.2f.tar.gz 5258384 SHA256 932b4ee4def2b434f85435d9e3e19ca8ba99ce9a065a61524b429a9d5e9b2e9c SHA512 50abf6dc94cafd06e7fd20770808bdc675c88daa369e4f752bd584ab17f72a57357c1ca1eca3c83e6745b5a3c9c73c99dce70adaa904d73f6df4c75bc7138351 WHIRLPOOL 179e1b5ad38c50a4c8110024aa7b33c53634c39690917e3bf5c2099548430beef96132ae9f9588ff0cedd6e08bb216a8d36835baaaa04e506fb3fbaed37d31c9
24	DIST openssl-1.0.2g.tar.gz 5266102 SHA256 b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33 SHA512 4d96b6c8a232203483d6e8bee81da01ba10977bfbac92f25304a36dec9ea584b7ef917bc45e097cc7dbe681d71a4570d649c22244c178393ae91fab48323f735 WHIRLPOOL aedbd82af0a550e8329a84312fae492f3bb3cb04af763fc9ef532099b2b2e61a55e4a7cfb06085f045740e2b692bbdb3ecb8bf5ca82f46325c3caf22d2317ffb
25	+DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6
26
27	diff --git a/dev-libs/openssl/openssl-1.0.2h.ebuild b/dev-libs/openssl/openssl-1.0.2h.ebuild
28	new file mode 100644
29	index 0000000..d50d0af
30	--- /dev/null
31	+++ b/dev-libs/openssl/openssl-1.0.2h.ebuild
32	@@ -0,0 +1,259 @@
33	+# Copyright 1999-2016 Gentoo Foundation
34	+# Distributed under the terms of the GNU General Public License v2
35	+# $Id$
36	+
37	+EAPI=5
38	+
39	+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
40	+
41	+MY_P=${P/_/-}
42	+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
43	+HOMEPAGE="http://www.openssl.org/"
44	+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
45	+
46	+LICENSE="openssl"
47	+# subslot set to 1.0.2g version as this is the first release without SSLv2
48	+# support and thus breaks nearly every openssl consumer (see bug #575548)
49	+SLOT="0"
50	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
51	+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
52	+RESTRICT="!bindist? ( bindist )"
53	+
54	+RDEPEND=">=app-misc/c_rehash-1.7-r1
55	+ gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
56	+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
57	+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
58	+DEPEND="${RDEPEND}
59	+ >=dev-lang/perl-5
60	+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
61	+ test? (
62	+ sys-apps/diffutils
63	+ sys-devel/bc
64	+ )"
65	+PDEPEND="app-misc/ca-certificates"
66	+
67	+S="${WORKDIR}/${MY_P}"
68	+
69	+MULTILIB_WRAPPED_HEADERS=(
70	+ usr/include/openssl/opensslconf.h
71	+)
72	+
73	+src_prepare() {
74	+ # keep this in sync with app-misc/c_rehash
75	+ SSL_CNF_DIR="/etc/ssl"
76	+
77	+ # Make sure we only ever touch Makefile.org and avoid patching a file
78	+ # that gets blown away anyways by the Configure script in src_configure
79	+ rm -f Makefile
80	+
81	+ if ! use vanilla ; then
82	+ epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
83	+ epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
84	+ epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
85	+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
86	+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
87	+ epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
88	+ epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
89	+ epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
90	+ epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
91	+
92	+ epatch_user #332661
93	+ fi
94	+
95	+ # disable fips in the build
96	+ # make sure the man pages are suffixed #302165
97	+ # don't bother building man pages if they're disabled
98	+ sed -i \
99	+ -e '/DIRS/s: fips : :g' \
100	+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
101	+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
102	+ -e $(has noman FEATURES \
103	+ && echo '/^install:/s:install_docs::' \
104	+ \|\| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
105	+ Makefile.org \
106	+ \|\| die
107	+ # show the actual commands in the log
108	+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
109	+
110	+ # since we're forcing $(CC) as makedep anyway, just fix
111	+ # the conditional as always-on
112	+ # helps clang (#417795), and versioned gcc (#499818)
113	+ sed -i 's/expr.MAKEDEPEND.;/true;/' util/domd \|\| die
114	+
115	+ # quiet out unknown driver argument warnings since openssl
116	+ # doesn't have well-split CFLAGS and we're making it even worse
117	+ # and 'make depend' uses -Werror for added fun (#417795 again)
118	+ [[ ${CC} == clang ]] && append-flags -Qunused-arguments
119	+
120	+ # allow openssl to be cross-compiled
121	+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config \|\| die
122	+ chmod a+rx gentoo.config
123	+
124	+ append-flags -fno-strict-aliasing
125	+ append-flags $(test-flags-CC -Wa,--noexecstack)
126	+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
127	+
128	+ sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
129	+ # The config script does stupid stuff to prompt the user. Kill it.
130	+ sed -i '/stty -icanon min 0 time 50; read waste/d' config \|\| die
131	+ ./config --test-sanity \|\| die "I AM NOT SANE"
132	+
133	+ multilib_copy_sources
134	+}
135	+
136	+multilib_src_configure() {
137	+ unset APPS #197996
138	+ unset SCRIPTS #312551
139	+ unset CROSS_COMPILE #311473
140	+
141	+ tc-export CC AR RANLIB RC
142	+
143	+ # Clean out patent-or-otherwise-encumbered code
144	+ # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
145	+ # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
146	+ # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
147	+ # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
148	+ # RC5: Expired http://en.wikipedia.org/wiki/RC5
149	+
150	+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
151	+ echoit() { echo "$@" ; "$@" ; }
152	+
153	+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" \|\| echo "Heimdal")
154	+
155	+ # See if our toolchain supports __uint128_t. If so, it's 64bit
156	+ # friendly and can use the nicely optimized code paths. #460790
157	+ local ec_nistp_64_gcc_128
158	+ # Disable it for now though #469976
159	+ #if ! use bindist ; then
160	+ # echo "__uint128_t i;" > "${T}"/128.c
161	+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
162	+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
163	+ # fi
164	+ #fi
165	+
166	+ local sslout=$(./gentoo.config)
167	+ einfo "Use configuration ${sslout:-(openssl knows best)}"
168	+ local config="Configure"
169	+ [[ -z ${sslout} ]] && config="config"
170	+
171	+ echoit \
172	+ ./${config} \
173	+ ${sslout} \
174	+ $(use cpu_flags_x86_sse2 \|\| echo "no-sse2") \
175	+ enable-camellia \
176	+ $(use_ssl !bindist ec) \
177	+ ${ec_nistp_64_gcc_128} \
178	+ enable-idea \
179	+ enable-mdc2 \
180	+ enable-rc5 \
181	+ enable-tlsext \
182	+ enable-ssl2 \
183	+ $(use_ssl asm) \
184	+ $(use_ssl gmp gmp -lgmp) \
185	+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
186	+ $(use_ssl rfc3779) \
187	+ $(use_ssl sctp) \
188	+ $(use_ssl tls-heartbeat heartbeats) \
189	+ $(use_ssl zlib) \
190	+ --prefix="${EPREFIX}"/usr \
191	+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
192	+ --libdir=$(get_libdir) \
193	+ shared threads \
194	+ \|\| die
195	+
196	+ # Clean out hardcoded flags that openssl uses
197	+ local CFLAG=$(grep ^CFLAG= Makefile \| LC_ALL=C sed \
198	+ -e 's:^CFLAG=::' \
199	+ -e 's:-fomit-frame-pointer ::g' \
200	+ -e 's:-O[0-9] ::g' \
201	+ -e 's:-march=[-a-z0-9]* ::g' \
202	+ -e 's:-mcpu=[-a-z0-9]* ::g' \
203	+ -e 's:-m[a-z0-9]* ::g' \
204	+ )
205	+ sed -i \
206	+ -e "/^CFLAG/s\|=.*\|=${CFLAG} ${CFLAGS}\|" \
207	+ -e "/^SHARED_LDFLAGS=/s\|$\| ${LDFLAGS}\|" \
208	+ Makefile \|\| die
209	+}
210	+
211	+multilib_src_compile() {
212	+ # depend is needed to use $confopts; it also doesn't matter
213	+ # that it's -j1 as the code itself serializes subdirs
214	+ emake -j1 depend
215	+ emake all
216	+ # rehash is needed to prep the certs/ dir; do this
217	+ # separately to avoid parallel build issues.
218	+ emake rehash
219	+}
220	+
221	+multilib_src_test() {
222	+ emake -j1 test
223	+}
224	+
225	+multilib_src_install() {
226	+ emake INSTALL_PREFIX="${D}" install
227	+}
228	+
229	+multilib_src_install_all() {
230	+ # openssl installs perl version of c_rehash by default, but
231	+ # we provide a shell version via app-misc/c_rehash
232	+ rm "${ED}"/usr/bin/c_rehash \|\| die
233	+
234	+ dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
235	+ dohtml -r doc/*
236	+ use rfc3779 && dodoc engines/ccgost/README.gost
237	+
238	+ # This is crappy in that the static archives are still built even
239	+ # when USE=static-libs. But this is due to a failing in the openssl
240	+ # build system: the static archives are built as PIC all the time.
241	+ # Only way around this would be to manually configure+compile openssl
242	+ # twice; once with shared lib support enabled and once without.
243	+ use static-libs \|\| rm -f "${ED}"/usr/lib/lib.a
244	+
245	+ # create the certs directory
246	+ dodir ${SSL_CNF_DIR}/certs
247	+ cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ \|\| die
248	+ rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
249	+
250	+ # Namespace openssl programs to prevent conflicts with other man pages
251	+ cd "${ED}"/usr/share/man
252	+ local m d s
253	+ for m in $(find . -type f \| xargs grep -L '#include') ; do
254	+ d=${m%/} ; d=${d#./} ; m=${m##/}
255	+ [[ ${m} == openssl.1* ]] && continue
256	+ [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
257	+ mv ${d}/{,ssl-}${m}
258	+ # fix up references to renamed man pages
259	+ sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
260	+ ln -s ssl-${m} ${d}/openssl-${m}
261	+ # locate any symlinks that point to this man page ... we assume
262	+ # that any broken links are due to the above renaming
263	+ for s in $(find -L ${d} -type l) ; do
264	+ s=${s##*/}
265	+ rm -f ${d}/${s}
266	+ ln -s ssl-${m} ${d}/ssl-${s}
267	+ ln -s ssl-${s} ${d}/openssl-${s}
268	+ done
269	+ done
270	+ [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
271	+
272	+ dodir /etc/sandbox.d #254521
273	+ echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
274	+
275	+ diropts -m0700
276	+ keepdir ${SSL_CNF_DIR}/private
277	+}
278	+
279	+pkg_preinst() {
280	+ has_version ${CATEGORY}/${PN}:0.9.8 && return 0
281	+ preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
282	+}
283	+
284	+pkg_postinst() {
285	+ ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
286	+ c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
287	+ eend $?
288	+
289	+ has_version ${CATEGORY}/${PN}:0.9.8 && return 0
290	+ preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
291	+}

Gentoo Archives: gentoo-commits