1 |
commit: 458daf054634ccaa6e5df1a53339e0f57f2755a6 |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Aug 29 20:51:15 2022 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Aug 29 20:51:41 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=458daf05 |
7 |
|
8 |
dev-libs/openssl: drop 1.1.1n, 1.1.1o, 1.1.1o-r1, 1.1.1p |
9 |
|
10 |
Bug: https://bugs.gentoo.org/856592 |
11 |
Bug: https://bugs.gentoo.org/842489 |
12 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
13 |
|
14 |
dev-libs/openssl/Manifest | 7 - |
15 |
.../files/openssl-1.1.1p-fix-test-build.patch | 52 ---- |
16 |
dev-libs/openssl/openssl-1.1.1n.ebuild | 298 ------------------ |
17 |
dev-libs/openssl/openssl-1.1.1o-r1.ebuild | 338 --------------------- |
18 |
dev-libs/openssl/openssl-1.1.1o.ebuild | 318 ------------------- |
19 |
dev-libs/openssl/openssl-1.1.1p.ebuild | 337 -------------------- |
20 |
6 files changed, 1350 deletions(-) |
21 |
|
22 |
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest |
23 |
index eb14a155609f..a411ae31d39e 100644 |
24 |
--- a/dev-libs/openssl/Manifest |
25 |
+++ b/dev-libs/openssl/Manifest |
26 |
@@ -1,13 +1,6 @@ |
27 |
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 |
28 |
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 |
29 |
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 |
30 |
-DIST openssl-1.1.1n.tar.gz 9850712 BLAKE2B af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398 SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4 |
31 |
-DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ecc184e39e8d942450d41c42d22a96398036ae804af23c4f28d082c62f5babaa275ceb2e13b33b5acfd59a802c186 SHA512 24abc3d187cabed830dcd3189a34c2dc29e0b8013a607011a0e85cc68f0ec48c1de14a005053a4de3a4013cfa9658016ac65cfb8cfac58da55231371926beeda |
32 |
-DIST openssl-1.1.1o-test-fixes-expiry.patch.xz 6180 BLAKE2B 23ef36d7bd05c98f7fab6de25681a53fa7a558d114548836b6cd90a57c4f4e45dc9fb622936053608b463320605b7df60db2d2caf3811b249f6ead3791a1c081 SHA512 577aec97fb31cd9efe3b30d82c560d3e7da57ae52c4de0f86e951b777a673830baaadcc5eb366c523024d37405531c6d32de26bbbc1e77df15c7822c72e937e6 |
33 |
-DIST openssl-1.1.1o.tar.gz 9856386 BLAKE2B 5bd355fd17adf43ba4e3bf1a8036ceb724edd4f4ab80dc25aecc3d2647372e9db2bc12e2b89791fc4b6f7fd95a7b68e00490d09ca6518d25ab990ee27798e641 SHA512 75b2f1499cb4640229eb6cd35d85cbff2e19db17b959ac4d04b60f1b395b73567f9003521452a0fcfeea9b31b26de0a7bccf476ecf9caae02298f3647cfb7e23 |
34 |
-DIST openssl-1.1.1o.tar.gz.asc 488 BLAKE2B a03a967e7e2124d1a76ad7765e2f48065f40d32ba102a433be603ee8f86b26a2d246dcb97a95bd694ef3005889ce4f1951f76d39fe1d683f92da1aa3023e9c2d SHA512 da6d88de7c1cd807b6089d50f8bb102c317c0b45ca26e517e3e400c5c65f787d94a1ee522af76279e93790a7fb491348cf25ffcfd66ecb9a9d35209328cb221e |
35 |
-DIST openssl-1.1.1p.tar.gz 9860217 BLAKE2B 4354753a5e52393c9cc4569954c2cac6d89a1e204fa4f9ca00a60492782d29f8952fb92664cdbb3576c6443d3cb2eacebea51db584738589f3598b40df579b12 SHA512 203470b1cd37bdbfabfec5ef37fc97c991d9943f070c988316f6396b09dae7cea16ac884bd8646dbf7dd1ed40ebde6bdfa5700beee2d714d07c97cc70b4e48d9 |
36 |
-DIST openssl-1.1.1p.tar.gz.asc 488 BLAKE2B e68c8a4c992c2448b48428137f61f91fb89e4814f6e80c5525cea695bcf898326eca729f31b953fbd7ff51b448004101ca78abfbd3138ec2389596faa3eafc2f SHA512 c85d65df1ed0f1ae87b799d794ea43e32c8ecaf85caf6e36fbbd4a890ef1d47710380d3846296e0124898680be66113a959ad974e0448bc00d1253794dc48972 |
37 |
DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 SHA512 cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f |
38 |
DIST openssl-1.1.1q.tar.gz.asc 833 BLAKE2B 9311abf47469c3802a84dc9b7427a168ba7717496960e6f84b04e4d9263dea1168493082937a06bcb6ef4169b2ed9b2f36084bbac15b5f7ca5b4c41041c4bab6 SHA512 03a41f29d1713c47bb300e01e36dbd048074076a6a3b9913e2fc9a1b56b726c038978f99e86f9a3e4ea39f72bd82a15965842f6d94210fa9d3474f6f0f68559e |
39 |
DIST openssl-3.0.5.tar.gz 15074407 BLAKE2B 7bf89e042417c003ef02a8bb1278590a52ce4a3d50f66795c66b750f90248840edb0d3352811caaaaff708c7e65b77384142e316916a6c311f1d2b4747f44816 SHA512 782b0df3d0252468aa696bd74a3b661810499819c0df849aa9698ba0e06a845820dc856aac650fced4be234f1271e576d4317ac3ab1406cf0ffe087d695d20fe |
40 |
|
41 |
diff --git a/dev-libs/openssl/files/openssl-1.1.1p-fix-test-build.patch b/dev-libs/openssl/files/openssl-1.1.1p-fix-test-build.patch |
42 |
deleted file mode 100644 |
43 |
index 5dca6926dd8f..000000000000 |
44 |
--- a/dev-libs/openssl/files/openssl-1.1.1p-fix-test-build.patch |
45 |
+++ /dev/null |
46 |
@@ -1,52 +0,0 @@ |
47 |
-https://github.com/openssl/openssl/issues/18619 |
48 |
-https://github.com/openssl/openssl/pull/18634 |
49 |
-https://github.com/openssl/openssl/commit/665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232 |
50 |
- |
51 |
-From 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232 Mon Sep 17 00:00:00 2001 |
52 |
-From: Bernd Edlinger <bernd.edlinger@×××××××.de> |
53 |
-Date: Fri, 17 Jun 2022 10:25:24 +0200 |
54 |
-Subject: [PATCH] Fix compile issues in test/v3ext.c with no-rfc3779 |
55 |
- |
56 |
-There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, |
57 |
-therefore the test cannot be compiled. |
58 |
- |
59 |
-Reviewed-by: Matt Caswell <matt@×××××××.org> |
60 |
-Reviewed-by: Tomas Mraz <tomas@×××××××.org> |
61 |
-Reviewed-by: Paul Dale <pauli@×××××××.org> |
62 |
-(Merged from https://github.com/openssl/openssl/pull/18634) |
63 |
- |
64 |
-(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe) |
65 |
---- |
66 |
- test/v3ext.c | 4 ++++ |
67 |
- 1 file changed, 4 insertions(+) |
68 |
- |
69 |
-diff --git a/test/v3ext.c b/test/v3ext.c |
70 |
-index e96b6f79b58f..a2adb1a9f0ef 100644 |
71 |
---- a/test/v3ext.c |
72 |
-+++ b/test/v3ext.c |
73 |
-@@ -37,6 +37,7 @@ static int test_pathlen(void) |
74 |
- return ret; |
75 |
- } |
76 |
- |
77 |
-+#ifndef OPENSSL_NO_RFC3779 |
78 |
- static int test_asid(void) |
79 |
- { |
80 |
- ASN1_INTEGER *val1 = NULL, *val2 = NULL; |
81 |
-@@ -113,6 +114,7 @@ static int test_asid(void) |
82 |
- ASIdentifiers_free(asid4); |
83 |
- return testresult; |
84 |
- } |
85 |
-+#endif /* OPENSSL_NO_RFC3779 */ |
86 |
- |
87 |
- OPT_TEST_DECLARE_USAGE("cert.pem\n") |
88 |
- |
89 |
-@@ -127,6 +129,8 @@ int setup_tests(void) |
90 |
- return 0; |
91 |
- |
92 |
- ADD_TEST(test_pathlen); |
93 |
-+#ifndef OPENSSL_NO_RFC3779 |
94 |
- ADD_TEST(test_asid); |
95 |
-+#endif /* OPENSSL_NO_RFC3779 */ |
96 |
- return 1; |
97 |
- } |
98 |
- |
99 |
|
100 |
diff --git a/dev-libs/openssl/openssl-1.1.1n.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild |
101 |
deleted file mode 100644 |
102 |
index 5cfa2b82bf24..000000000000 |
103 |
--- a/dev-libs/openssl/openssl-1.1.1n.ebuild |
104 |
+++ /dev/null |
105 |
@@ -1,298 +0,0 @@ |
106 |
-# Copyright 1999-2022 Gentoo Authors |
107 |
-# Distributed under the terms of the GNU General Public License v2 |
108 |
- |
109 |
-EAPI="7" |
110 |
- |
111 |
-inherit flag-o-matic toolchain-funcs multilib-minimal verify-sig |
112 |
- |
113 |
-MY_P=${P/_/-} |
114 |
- |
115 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
116 |
-HOMEPAGE="https://www.openssl.org/" |
117 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
118 |
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" |
119 |
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc |
120 |
- |
121 |
-LICENSE="openssl" |
122 |
-SLOT="0/1.1" # .so version of libssl/libcrypto |
123 |
-[[ "${PV}" = *_pre* ]] || \ |
124 |
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
125 |
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" |
126 |
-RESTRICT="!test? ( test )" |
127 |
- |
128 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
129 |
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" |
130 |
-DEPEND="${RDEPEND}" |
131 |
-BDEPEND=" |
132 |
- >=dev-lang/perl-5 |
133 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
134 |
- test? ( |
135 |
- sys-apps/diffutils |
136 |
- sys-devel/bc |
137 |
- kernel_linux? ( sys-process/procps ) |
138 |
- ) |
139 |
- verify-sig? ( sec-keys/openpgp-keys-openssl )" |
140 |
-PDEPEND="app-misc/ca-certificates" |
141 |
- |
142 |
-PATCHES=( |
143 |
- "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 |
144 |
- "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch |
145 |
-) |
146 |
- |
147 |
-S="${WORKDIR}/${MY_P}" |
148 |
- |
149 |
-# force upgrade to prevent broken login, bug 696950 |
150 |
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" |
151 |
- |
152 |
-MULTILIB_WRAPPED_HEADERS=( |
153 |
- usr/include/openssl/opensslconf.h |
154 |
-) |
155 |
- |
156 |
-pkg_setup() { |
157 |
- [[ ${MERGE_TYPE} == binary ]] && return |
158 |
- |
159 |
- # must check in pkg_setup; sysctl don't work with userpriv! |
160 |
- if use test && use sctp; then |
161 |
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" |
162 |
- # if sctp.auth_enable is not enabled. |
163 |
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) |
164 |
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then |
165 |
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" |
166 |
- fi |
167 |
- fi |
168 |
-} |
169 |
- |
170 |
-src_prepare() { |
171 |
- # allow openssl to be cross-compiled |
172 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
173 |
- chmod a+rx gentoo.config || die |
174 |
- |
175 |
- # keep this in sync with app-misc/c_rehash |
176 |
- SSL_CNF_DIR="/etc/ssl" |
177 |
- |
178 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
179 |
- # that gets blown away anyways by the Configure script in src_configure |
180 |
- rm -f Makefile |
181 |
- |
182 |
- if ! use vanilla ; then |
183 |
- if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then |
184 |
- [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}" |
185 |
- fi |
186 |
- fi |
187 |
- |
188 |
- eapply_user #332661 |
189 |
- |
190 |
- if use test && use sctp && has network-sandbox ${FEATURES}; then |
191 |
- ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox" |
192 |
- rm test/recipes/80-test_ssl_new.t || die |
193 |
- eend $? |
194 |
- fi |
195 |
- |
196 |
- # make sure the man pages are suffixed #302165 |
197 |
- # don't bother building man pages if they're disabled |
198 |
- # Make DOCDIR Gentoo compliant |
199 |
- sed -i \ |
200 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
201 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
202 |
- -e $(has noman FEATURES \ |
203 |
- && echo '/^install:/s:install_docs::' \ |
204 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
205 |
- -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ |
206 |
- Configurations/unix-Makefile.tmpl \ |
207 |
- || die |
208 |
- |
209 |
- # quiet out unknown driver argument warnings since openssl |
210 |
- # doesn't have well-split CFLAGS and we're making it even worse |
211 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
212 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
213 |
- |
214 |
- append-flags -fno-strict-aliasing |
215 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
216 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
217 |
- |
218 |
- # Prefixify Configure shebang (#141906) |
219 |
- sed \ |
220 |
- -e "1s,/usr/bin/env,${EPREFIX}&," \ |
221 |
- -i Configure || die |
222 |
- # Remove test target when FEATURES=test isn't set |
223 |
- if ! use test ; then |
224 |
- sed \ |
225 |
- -e '/^$config{dirs}/s@ "test",@@' \ |
226 |
- -i Configure || die |
227 |
- fi |
228 |
- |
229 |
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then |
230 |
- # use GNU ld full option, not to confuse it on Solaris |
231 |
- sed -i \ |
232 |
- -e 's/-Wl,-M,/-Wl,--version-script=/' \ |
233 |
- -e 's/-Wl,-h,/-Wl,--soname=/' \ |
234 |
- Configurations/10-main.conf || die |
235 |
- |
236 |
- # fix building on Solaris 10 |
237 |
- # https://github.com/openssl/openssl/issues/6333 |
238 |
- sed -i \ |
239 |
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ |
240 |
- Configurations/10-main.conf || die |
241 |
- fi |
242 |
- |
243 |
- # The config script does stupid stuff to prompt the user. Kill it. |
244 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
245 |
- ./config --test-sanity || die "I AM NOT SANE" |
246 |
- |
247 |
- multilib_copy_sources |
248 |
-} |
249 |
- |
250 |
-multilib_src_configure() { |
251 |
- unset APPS #197996 |
252 |
- unset SCRIPTS #312551 |
253 |
- unset CROSS_COMPILE #311473 |
254 |
- |
255 |
- tc-export CC AR RANLIB RC |
256 |
- |
257 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
258 |
- echoit() { echo "$@" ; "$@" ; } |
259 |
- |
260 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
261 |
- |
262 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
263 |
- # friendly and can use the nicely optimized code paths. #460790 |
264 |
- local ec_nistp_64_gcc_128 |
265 |
- # Disable it for now though #469976 |
266 |
- # echo "__uint128_t i;" > "${T}"/128.c |
267 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
268 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
269 |
- # fi |
270 |
- |
271 |
- local sslout=$(./gentoo.config) |
272 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
273 |
- local config="Configure" |
274 |
- [[ -z ${sslout} ]] && config="config" |
275 |
- |
276 |
- # "disable-deprecated" option breaks too many consumers. |
277 |
- # Don't set it without thorough revdeps testing. |
278 |
- # Make sure user flags don't get added *yet* to avoid duplicated |
279 |
- # flags. |
280 |
- CFLAGS= LDFLAGS= echoit \ |
281 |
- ./${config} \ |
282 |
- ${sslout} \ |
283 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
284 |
- enable-camellia \ |
285 |
- enable-ec \ |
286 |
- enable-ec2m \ |
287 |
- enable-sm2 \ |
288 |
- enable-srp \ |
289 |
- $(use elibc_musl && echo "no-async") \ |
290 |
- ${ec_nistp_64_gcc_128} \ |
291 |
- enable-idea \ |
292 |
- enable-mdc2 \ |
293 |
- enable-rc5 \ |
294 |
- $(use_ssl sslv3 ssl3) \ |
295 |
- $(use_ssl sslv3 ssl3-method) \ |
296 |
- $(use_ssl asm) \ |
297 |
- $(use_ssl rfc3779) \ |
298 |
- $(use_ssl sctp) \ |
299 |
- $(use_ssl tls-compression zlib) \ |
300 |
- $(use_ssl tls-heartbeat heartbeats) \ |
301 |
- $(use_ssl weak-ssl-ciphers) \ |
302 |
- --prefix="${EPREFIX}"/usr \ |
303 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
304 |
- --libdir=$(get_libdir) \ |
305 |
- shared threads \ |
306 |
- || die |
307 |
- |
308 |
- # Clean out hardcoded flags that openssl uses |
309 |
- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ |
310 |
- -e 's:^CFLAGS=::' \ |
311 |
- -e 's:\(^\| \)-fomit-frame-pointer::g' \ |
312 |
- -e 's:\(^\| \)-O[^ ]*::g' \ |
313 |
- -e 's:\(^\| \)-march=[^ ]*::g' \ |
314 |
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \ |
315 |
- -e 's:\(^\| \)-m[^ ]*::g' \ |
316 |
- -e 's:^ *::' \ |
317 |
- -e 's: *$::' \ |
318 |
- -e 's: \+: :g' \ |
319 |
- -e 's:\\:\\\\:g' |
320 |
- ) |
321 |
- |
322 |
- # Now insert clean default flags with user flags |
323 |
- sed -i \ |
324 |
- -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ |
325 |
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ |
326 |
- Makefile || die |
327 |
-} |
328 |
- |
329 |
-multilib_src_compile() { |
330 |
- # depend is needed to use $confopts; it also doesn't matter |
331 |
- # that it's -j1 as the code itself serializes subdirs |
332 |
- emake -j1 depend |
333 |
- emake all |
334 |
-} |
335 |
- |
336 |
-multilib_src_test() { |
337 |
- emake -j1 test |
338 |
-} |
339 |
- |
340 |
-multilib_src_install() { |
341 |
- # We need to create $ED/usr on our own to avoid a race condition #665130 |
342 |
- if [[ ! -d "${ED}/usr" ]]; then |
343 |
- # We can only create this directory once |
344 |
- mkdir "${ED}"/usr || die |
345 |
- fi |
346 |
- |
347 |
- emake DESTDIR="${D}" install |
348 |
- |
349 |
- # This is crappy in that the static archives are still built even |
350 |
- # when USE=static-libs. But this is due to a failing in the openssl |
351 |
- # build system: the static archives are built as PIC all the time. |
352 |
- # Only way around this would be to manually configure+compile openssl |
353 |
- # twice; once with shared lib support enabled and once without. |
354 |
- if ! use static-libs; then |
355 |
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die |
356 |
- fi |
357 |
-} |
358 |
- |
359 |
-multilib_src_install_all() { |
360 |
- # openssl installs perl version of c_rehash by default, but |
361 |
- # we provide a shell version via app-misc/c_rehash |
362 |
- rm "${ED}"/usr/bin/c_rehash || die |
363 |
- |
364 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el |
365 |
- |
366 |
- # create the certs directory |
367 |
- keepdir ${SSL_CNF_DIR}/certs |
368 |
- |
369 |
- # Namespace openssl programs to prevent conflicts with other man pages |
370 |
- cd "${ED}"/usr/share/man || die |
371 |
- local m d s |
372 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
373 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
374 |
- [[ ${m} == openssl.1* ]] && continue |
375 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
376 |
- mv ${d}/{,ssl-}${m} |
377 |
- # fix up references to renamed man pages |
378 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
379 |
- ln -s ssl-${m} ${d}/openssl-${m} |
380 |
- # locate any symlinks that point to this man page ... we assume |
381 |
- # that any broken links are due to the above renaming |
382 |
- for s in $(find -L ${d} -type l) ; do |
383 |
- s=${s##*/} |
384 |
- rm -f ${d}/${s} |
385 |
- # We don't want to "|| die" here |
386 |
- ln -s ssl-${m} ${d}/ssl-${s} |
387 |
- ln -s ssl-${s} ${d}/openssl-${s} |
388 |
- done |
389 |
- done |
390 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
391 |
- |
392 |
- dodir /etc/sandbox.d #254521 |
393 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
394 |
- |
395 |
- diropts -m0700 |
396 |
- keepdir ${SSL_CNF_DIR}/private |
397 |
-} |
398 |
- |
399 |
-pkg_postinst() { |
400 |
- ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
401 |
- c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null |
402 |
- eend $? |
403 |
-} |
404 |
|
405 |
diff --git a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild b/dev-libs/openssl/openssl-1.1.1o-r1.ebuild |
406 |
deleted file mode 100644 |
407 |
index 0e55dcc43e49..000000000000 |
408 |
--- a/dev-libs/openssl/openssl-1.1.1o-r1.ebuild |
409 |
+++ /dev/null |
410 |
@@ -1,338 +0,0 @@ |
411 |
-# Copyright 1999-2022 Gentoo Authors |
412 |
-# Distributed under the terms of the GNU General Public License v2 |
413 |
- |
414 |
-EAPI=7 |
415 |
- |
416 |
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc |
417 |
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig |
418 |
- |
419 |
-MY_P=${P/_/-} |
420 |
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" |
421 |
-HOMEPAGE="https://www.openssl.org/" |
422 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
423 |
- https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz |
424 |
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" |
425 |
-S="${WORKDIR}/${MY_P}" |
426 |
- |
427 |
-LICENSE="openssl" |
428 |
-SLOT="0/1.1" # .so version of libssl/libcrypto |
429 |
-if [[ ${PV} != *_pre* ]] ; then |
430 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
431 |
-fi |
432 |
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" |
433 |
-RESTRICT="!test? ( test )" |
434 |
- |
435 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
436 |
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" |
437 |
-DEPEND="${RDEPEND}" |
438 |
-BDEPEND=" |
439 |
- >=dev-lang/perl-5 |
440 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
441 |
- test? ( |
442 |
- sys-apps/diffutils |
443 |
- sys-devel/bc |
444 |
- kernel_linux? ( sys-process/procps ) |
445 |
- ) |
446 |
- verify-sig? ( sec-keys/openpgp-keys-openssl )" |
447 |
-PDEPEND="app-misc/ca-certificates" |
448 |
- |
449 |
-# force upgrade to prevent broken login, bug #696950 |
450 |
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" |
451 |
- |
452 |
-MULTILIB_WRAPPED_HEADERS=( |
453 |
- usr/include/openssl/opensslconf.h |
454 |
-) |
455 |
- |
456 |
-PATCHES=( |
457 |
- # General patches which are suitable to always apply |
458 |
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! |
459 |
- "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 |
460 |
- "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch |
461 |
- "${WORKDIR}"/${P}-test-fixes-expiry.patch |
462 |
-) |
463 |
- |
464 |
-pkg_setup() { |
465 |
- [[ ${MERGE_TYPE} == binary ]] && return |
466 |
- |
467 |
- # must check in pkg_setup; sysctl doesn't work with userpriv! |
468 |
- if use test && use sctp; then |
469 |
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" |
470 |
- # if sctp.auth_enable is not enabled. |
471 |
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) |
472 |
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then |
473 |
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" |
474 |
- fi |
475 |
- fi |
476 |
-} |
477 |
- |
478 |
-src_unpack() { |
479 |
- # Can delete this once test fix patch is dropped |
480 |
- if use verify-sig ; then |
481 |
- # Needed for downloaded patch (which is unsigned, which is fine) |
482 |
- verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} |
483 |
- fi |
484 |
- |
485 |
- default |
486 |
-} |
487 |
- |
488 |
-src_prepare() { |
489 |
- # Allow openssl to be cross-compiled |
490 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
491 |
- chmod a+rx gentoo.config || die |
492 |
- |
493 |
- # Keep this in sync with app-misc/c_rehash |
494 |
- SSL_CNF_DIR="/etc/ssl" |
495 |
- |
496 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
497 |
- # that gets blown away anyways by the Configure script in src_configure |
498 |
- rm -f Makefile |
499 |
- |
500 |
- if ! use vanilla ; then |
501 |
- PATCHES+=( |
502 |
- # Add patches which are Gentoo-specific customisations here |
503 |
- ) |
504 |
- fi |
505 |
- |
506 |
- default |
507 |
- |
508 |
- if use test && use sctp && has network-sandbox ${FEATURES}; then |
509 |
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." |
510 |
- rm test/recipes/80-test_ssl_new.t || die |
511 |
- fi |
512 |
- |
513 |
- # - Make sure the man pages are suffixed (bug #302165) |
514 |
- # - Don't bother building man pages if they're disabled |
515 |
- # - Make DOCDIR Gentoo compliant |
516 |
- sed -i \ |
517 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
518 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
519 |
- -e $(has noman FEATURES \ |
520 |
- && echo '/^install:/s:install_docs::' \ |
521 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
522 |
- -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ |
523 |
- Configurations/unix-Makefile.tmpl \ |
524 |
- || die |
525 |
- |
526 |
- # Quiet out unknown driver argument warnings since openssl |
527 |
- # doesn't have well-split CFLAGS and we're making it even worse |
528 |
- # and 'make depend' uses -Werror for added fun (bug #417795 again) |
529 |
- tc-is-clang && append-flags -Qunused-arguments |
530 |
- |
531 |
- # We really, really need to build OpenSSL w/ strict aliasing disabled. |
532 |
- # It's filled with violations and it *will* result in miscompiled |
533 |
- # code. This has been in the ebuild for > 10 years but even in 2022, |
534 |
- # it's still relevant: |
535 |
- # - https://github.com/llvm/llvm-project/issues/55255 |
536 |
- # - https://github.com/openssl/openssl/issues/18225 |
537 |
- # Don't remove the no strict aliasing bits below! |
538 |
- filter-flags -fstrict-aliasing |
539 |
- append-flags -fno-strict-aliasing |
540 |
- |
541 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
542 |
- |
543 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
544 |
- |
545 |
- # Prefixify Configure shebang (bug #141906) |
546 |
- sed \ |
547 |
- -e "1s,/usr/bin/env,${EPREFIX}&," \ |
548 |
- -i Configure || die |
549 |
- |
550 |
- # Remove test target when FEATURES=test isn't set |
551 |
- if ! use test ; then |
552 |
- sed \ |
553 |
- -e '/^$config{dirs}/s@ "test",@@' \ |
554 |
- -i Configure || die |
555 |
- fi |
556 |
- |
557 |
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then |
558 |
- # use GNU ld full option, not to confuse it on Solaris |
559 |
- sed -i \ |
560 |
- -e 's/-Wl,-M,/-Wl,--version-script=/' \ |
561 |
- -e 's/-Wl,-h,/-Wl,--soname=/' \ |
562 |
- Configurations/10-main.conf || die |
563 |
- |
564 |
- # fix building on Solaris 10 |
565 |
- # https://github.com/openssl/openssl/issues/6333 |
566 |
- sed -i \ |
567 |
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ |
568 |
- Configurations/10-main.conf || die |
569 |
- fi |
570 |
- |
571 |
- # The config script does stupid stuff to prompt the user. Kill it. |
572 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
573 |
- ./config --test-sanity || die "I AM NOT SANE" |
574 |
- |
575 |
- multilib_copy_sources |
576 |
-} |
577 |
- |
578 |
-multilib_src_configure() { |
579 |
- # bug #197996 |
580 |
- unset APPS |
581 |
- # bug #312551 |
582 |
- unset SCRIPTS |
583 |
- # bug #311473 |
584 |
- unset CROSS_COMPILE |
585 |
- |
586 |
- tc-export AR CC CXX RANLIB RC |
587 |
- |
588 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
589 |
- |
590 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
591 |
- |
592 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
593 |
- # friendly and can use the nicely optimized code paths, bug #460790. |
594 |
- local ec_nistp_64_gcc_128 |
595 |
- |
596 |
- # Disable it for now though (bug #469976) |
597 |
- # echo "__uint128_t i;" > "${T}"/128.c |
598 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
599 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
600 |
- # fi |
601 |
- |
602 |
- local sslout=$(./gentoo.config) |
603 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
604 |
- local config="Configure" |
605 |
- [[ -z ${sslout} ]] && config="config" |
606 |
- |
607 |
- # "disable-deprecated" option breaks too many consumers. |
608 |
- # Don't set it without thorough revdeps testing. |
609 |
- # Make sure user flags don't get added *yet* to avoid duplicated |
610 |
- # flags. |
611 |
- local myeconfargs=( |
612 |
- ${sslout} |
613 |
- |
614 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") |
615 |
- enable-camellia |
616 |
- enable-ec |
617 |
- enable-ec2m |
618 |
- enable-sm2 |
619 |
- enable-srp |
620 |
- $(use elibc_musl && echo "no-async") |
621 |
- ${ec_nistp_64_gcc_128} |
622 |
- enable-idea |
623 |
- enable-mdc2 |
624 |
- enable-rc5 |
625 |
- $(use_ssl sslv3 ssl3) |
626 |
- $(use_ssl sslv3 ssl3-method) |
627 |
- $(use_ssl asm) |
628 |
- $(use_ssl rfc3779) |
629 |
- $(use_ssl sctp) |
630 |
- $(use test || echo "no-tests") |
631 |
- $(use_ssl tls-compression zlib) |
632 |
- $(use_ssl tls-heartbeat heartbeats) |
633 |
- $(use_ssl weak-ssl-ciphers) |
634 |
- |
635 |
- --prefix="${EPREFIX}"/usr |
636 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} |
637 |
- --libdir=$(get_libdir) |
638 |
- |
639 |
- shared |
640 |
- threads |
641 |
- ) |
642 |
- |
643 |
- CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}" |
644 |
- |
645 |
- # Clean out hardcoded flags that openssl uses |
646 |
- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ |
647 |
- -e 's:^CFLAGS=::' \ |
648 |
- -e 's:\(^\| \)-fomit-frame-pointer::g' \ |
649 |
- -e 's:\(^\| \)-O[^ ]*::g' \ |
650 |
- -e 's:\(^\| \)-march=[^ ]*::g' \ |
651 |
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \ |
652 |
- -e 's:\(^\| \)-m[^ ]*::g' \ |
653 |
- -e 's:^ *::' \ |
654 |
- -e 's: *$::' \ |
655 |
- -e 's: \+: :g' \ |
656 |
- -e 's:\\:\\\\:g' |
657 |
- ) |
658 |
- |
659 |
- # Now insert clean default flags with user flags |
660 |
- sed -i \ |
661 |
- -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ |
662 |
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ |
663 |
- Makefile || die |
664 |
-} |
665 |
- |
666 |
-multilib_src_compile() { |
667 |
- # depend is needed to use $confopts; it also doesn't matter |
668 |
- # that it's -j1 as the code itself serializes subdirs |
669 |
- emake -j1 depend |
670 |
- |
671 |
- emake all |
672 |
-} |
673 |
- |
674 |
-multilib_src_test() { |
675 |
- emake -j1 test |
676 |
-} |
677 |
- |
678 |
-multilib_src_install() { |
679 |
- # We need to create ${ED}/usr on our own to avoid a race condition (bug #665130) |
680 |
- dodir /usr |
681 |
- |
682 |
- emake DESTDIR="${D}" install |
683 |
- |
684 |
- # This is crappy in that the static archives are still built even |
685 |
- # when USE=static-libs. But this is due to a failing in the openssl |
686 |
- # build system: the static archives are built as PIC all the time. |
687 |
- # Only way around this would be to manually configure+compile openssl |
688 |
- # twice; once with shared lib support enabled and once without. |
689 |
- if ! use static-libs; then |
690 |
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die |
691 |
- fi |
692 |
-} |
693 |
- |
694 |
-multilib_src_install_all() { |
695 |
- # openssl installs perl version of c_rehash by default, but |
696 |
- # we provide a shell version via app-misc/c_rehash |
697 |
- rm "${ED}"/usr/bin/c_rehash || die |
698 |
- |
699 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el |
700 |
- |
701 |
- # Create the certs directory |
702 |
- keepdir ${SSL_CNF_DIR}/certs |
703 |
- |
704 |
- # Namespace openssl programs to prevent conflicts with other man pages |
705 |
- cd "${ED}"/usr/share/man || die |
706 |
- local m d s |
707 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
708 |
- d=${m%/*} |
709 |
- d=${d#./} |
710 |
- m=${m##*/} |
711 |
- |
712 |
- [[ ${m} == openssl.1* ]] && continue |
713 |
- |
714 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
715 |
- |
716 |
- mv ${d}/{,ssl-}${m} || die |
717 |
- |
718 |
- # Fix up references to renamed man pages |
719 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die |
720 |
- ln -s ssl-${m} ${d}/openssl-${m} |
721 |
- |
722 |
- # Locate any symlinks that point to this man page |
723 |
- # We assume that any broken links are due to the above renaming |
724 |
- for s in $(find -L ${d} -type l) ; do |
725 |
- s=${s##*/} |
726 |
- |
727 |
- rm -f ${d}/${s} |
728 |
- |
729 |
- # We don't want to "|| die" here |
730 |
- ln -s ssl-${m} ${d}/ssl-${s} |
731 |
- ln -s ssl-${s} ${d}/openssl-${s} |
732 |
- done |
733 |
- done |
734 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
735 |
- |
736 |
- # bug #254521 |
737 |
- dodir /etc/sandbox.d |
738 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
739 |
- |
740 |
- diropts -m0700 |
741 |
- keepdir ${SSL_CNF_DIR}/private |
742 |
-} |
743 |
- |
744 |
-pkg_postinst() { |
745 |
- ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)" |
746 |
- c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null |
747 |
- eend $? |
748 |
-} |
749 |
|
750 |
diff --git a/dev-libs/openssl/openssl-1.1.1o.ebuild b/dev-libs/openssl/openssl-1.1.1o.ebuild |
751 |
deleted file mode 100644 |
752 |
index 730dfb22685e..000000000000 |
753 |
--- a/dev-libs/openssl/openssl-1.1.1o.ebuild |
754 |
+++ /dev/null |
755 |
@@ -1,318 +0,0 @@ |
756 |
-# Copyright 1999-2022 Gentoo Authors |
757 |
-# Distributed under the terms of the GNU General Public License v2 |
758 |
- |
759 |
-EAPI="7" |
760 |
- |
761 |
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig |
762 |
- |
763 |
-MY_P=${P/_/-} |
764 |
- |
765 |
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
766 |
-HOMEPAGE="https://www.openssl.org/" |
767 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
768 |
- https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-test-fixes-expiry.patch.xz |
769 |
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" |
770 |
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc |
771 |
- |
772 |
-LICENSE="openssl" |
773 |
-SLOT="0/1.1" # .so version of libssl/libcrypto |
774 |
-[[ "${PV}" = *_pre* ]] || \ |
775 |
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
776 |
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" |
777 |
-RESTRICT="!test? ( test )" |
778 |
- |
779 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
780 |
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" |
781 |
-DEPEND="${RDEPEND}" |
782 |
-BDEPEND=" |
783 |
- >=dev-lang/perl-5 |
784 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
785 |
- test? ( |
786 |
- sys-apps/diffutils |
787 |
- sys-devel/bc |
788 |
- kernel_linux? ( sys-process/procps ) |
789 |
- ) |
790 |
- verify-sig? ( sec-keys/openpgp-keys-openssl )" |
791 |
-PDEPEND="app-misc/ca-certificates" |
792 |
- |
793 |
-S="${WORKDIR}/${MY_P}" |
794 |
- |
795 |
-# force upgrade to prevent broken login, bug 696950 |
796 |
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" |
797 |
- |
798 |
-MULTILIB_WRAPPED_HEADERS=( |
799 |
- usr/include/openssl/opensslconf.h |
800 |
-) |
801 |
- |
802 |
-PATCHES=( |
803 |
- "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 |
804 |
- "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch |
805 |
- "${WORKDIR}"/${P}-test-fixes-expiry.patch |
806 |
-) |
807 |
- |
808 |
-pkg_setup() { |
809 |
- [[ ${MERGE_TYPE} == binary ]] && return |
810 |
- |
811 |
- # must check in pkg_setup; sysctl don't work with userpriv! |
812 |
- if use test && use sctp; then |
813 |
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" |
814 |
- # if sctp.auth_enable is not enabled. |
815 |
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) |
816 |
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then |
817 |
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" |
818 |
- fi |
819 |
- fi |
820 |
-} |
821 |
- |
822 |
-src_unpack() { |
823 |
- # Can delete this once test fix patch is dropped |
824 |
- if use verify-sig ; then |
825 |
- # Needed for downloaded patch (which is unsigned, which is fine) |
826 |
- verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} |
827 |
- fi |
828 |
- |
829 |
- default |
830 |
-} |
831 |
- |
832 |
-src_prepare() { |
833 |
- # allow openssl to be cross-compiled |
834 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
835 |
- chmod a+rx gentoo.config || die |
836 |
- |
837 |
- # keep this in sync with app-misc/c_rehash |
838 |
- SSL_CNF_DIR="/etc/ssl" |
839 |
- |
840 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
841 |
- # that gets blown away anyways by the Configure script in src_configure |
842 |
- rm -f Makefile |
843 |
- |
844 |
- if ! use vanilla ; then |
845 |
- if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then |
846 |
- [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}" |
847 |
- fi |
848 |
- fi |
849 |
- |
850 |
- eapply_user #332661 |
851 |
- |
852 |
- if use test && use sctp && has network-sandbox ${FEATURES}; then |
853 |
- ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox" |
854 |
- rm test/recipes/80-test_ssl_new.t || die |
855 |
- eend $? |
856 |
- fi |
857 |
- |
858 |
- # make sure the man pages are suffixed #302165 |
859 |
- # don't bother building man pages if they're disabled |
860 |
- # Make DOCDIR Gentoo compliant |
861 |
- sed -i \ |
862 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
863 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
864 |
- -e $(has noman FEATURES \ |
865 |
- && echo '/^install:/s:install_docs::' \ |
866 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
867 |
- -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ |
868 |
- Configurations/unix-Makefile.tmpl \ |
869 |
- || die |
870 |
- |
871 |
- # quiet out unknown driver argument warnings since openssl |
872 |
- # doesn't have well-split CFLAGS and we're making it even worse |
873 |
- # and 'make depend' uses -Werror for added fun (#417795 again) |
874 |
- [[ ${CC} == *clang* ]] && append-flags -Qunused-arguments |
875 |
- |
876 |
- # We really, really need to build OpenSSL w/ strict aliasing disabled. |
877 |
- # It's filled with violations and it *will* result in miscompiled |
878 |
- # code. This has been in the ebuild for > 10 years but even in 2022, |
879 |
- # it's still relevant: |
880 |
- # - https://github.com/llvm/llvm-project/issues/55255 |
881 |
- # - https://github.com/openssl/openssl/issues/18225 |
882 |
- # Don't remove the no strict aliasing bits below! |
883 |
- filter-flags -fstrict-aliasing |
884 |
- append-flags -fno-strict-aliasing |
885 |
- |
886 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
887 |
- |
888 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
889 |
- |
890 |
- # Prefixify Configure shebang (#141906) |
891 |
- sed \ |
892 |
- -e "1s,/usr/bin/env,${EPREFIX}&," \ |
893 |
- -i Configure || die |
894 |
- # Remove test target when FEATURES=test isn't set |
895 |
- if ! use test ; then |
896 |
- sed \ |
897 |
- -e '/^$config{dirs}/s@ "test",@@' \ |
898 |
- -i Configure || die |
899 |
- fi |
900 |
- |
901 |
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then |
902 |
- # use GNU ld full option, not to confuse it on Solaris |
903 |
- sed -i \ |
904 |
- -e 's/-Wl,-M,/-Wl,--version-script=/' \ |
905 |
- -e 's/-Wl,-h,/-Wl,--soname=/' \ |
906 |
- Configurations/10-main.conf || die |
907 |
- |
908 |
- # fix building on Solaris 10 |
909 |
- # https://github.com/openssl/openssl/issues/6333 |
910 |
- sed -i \ |
911 |
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ |
912 |
- Configurations/10-main.conf || die |
913 |
- fi |
914 |
- |
915 |
- # The config script does stupid stuff to prompt the user. Kill it. |
916 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
917 |
- ./config --test-sanity || die "I AM NOT SANE" |
918 |
- |
919 |
- multilib_copy_sources |
920 |
-} |
921 |
- |
922 |
-multilib_src_configure() { |
923 |
- unset APPS #197996 |
924 |
- unset SCRIPTS #312551 |
925 |
- unset CROSS_COMPILE #311473 |
926 |
- |
927 |
- tc-export CC AR RANLIB RC |
928 |
- |
929 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
930 |
- |
931 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
932 |
- |
933 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
934 |
- # friendly and can use the nicely optimized code paths. #460790 |
935 |
- local ec_nistp_64_gcc_128 |
936 |
- # Disable it for now though #469976 |
937 |
- # echo "__uint128_t i;" > "${T}"/128.c |
938 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
939 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
940 |
- # fi |
941 |
- |
942 |
- local sslout=$(./gentoo.config) |
943 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
944 |
- local config="Configure" |
945 |
- [[ -z ${sslout} ]] && config="config" |
946 |
- |
947 |
- # "disable-deprecated" option breaks too many consumers. |
948 |
- # Don't set it without thorough revdeps testing. |
949 |
- # Make sure user flags don't get added *yet* to avoid duplicated |
950 |
- # flags. |
951 |
- CFLAGS= LDFLAGS= edo ./${config} \ |
952 |
- ${sslout} \ |
953 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") \ |
954 |
- enable-camellia \ |
955 |
- enable-ec \ |
956 |
- enable-ec2m \ |
957 |
- enable-sm2 \ |
958 |
- enable-srp \ |
959 |
- $(use elibc_musl && echo "no-async") \ |
960 |
- ${ec_nistp_64_gcc_128} \ |
961 |
- enable-idea \ |
962 |
- enable-mdc2 \ |
963 |
- enable-rc5 \ |
964 |
- $(use_ssl sslv3 ssl3) \ |
965 |
- $(use_ssl sslv3 ssl3-method) \ |
966 |
- $(use_ssl asm) \ |
967 |
- $(use_ssl rfc3779) \ |
968 |
- $(use_ssl sctp) \ |
969 |
- $(use test || echo "no-tests") \ |
970 |
- $(use_ssl tls-compression zlib) \ |
971 |
- $(use_ssl tls-heartbeat heartbeats) \ |
972 |
- $(use_ssl weak-ssl-ciphers) \ |
973 |
- --prefix="${EPREFIX}"/usr \ |
974 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ |
975 |
- --libdir=$(get_libdir) \ |
976 |
- shared threads |
977 |
- |
978 |
- # Clean out hardcoded flags that openssl uses |
979 |
- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ |
980 |
- -e 's:^CFLAGS=::' \ |
981 |
- -e 's:\(^\| \)-fomit-frame-pointer::g' \ |
982 |
- -e 's:\(^\| \)-O[^ ]*::g' \ |
983 |
- -e 's:\(^\| \)-march=[^ ]*::g' \ |
984 |
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \ |
985 |
- -e 's:\(^\| \)-m[^ ]*::g' \ |
986 |
- -e 's:^ *::' \ |
987 |
- -e 's: *$::' \ |
988 |
- -e 's: \+: :g' \ |
989 |
- -e 's:\\:\\\\:g' |
990 |
- ) |
991 |
- |
992 |
- # Now insert clean default flags with user flags |
993 |
- sed -i \ |
994 |
- -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ |
995 |
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ |
996 |
- Makefile || die |
997 |
-} |
998 |
- |
999 |
-multilib_src_compile() { |
1000 |
- # depend is needed to use $confopts; it also doesn't matter |
1001 |
- # that it's -j1 as the code itself serializes subdirs |
1002 |
- emake -j1 depend |
1003 |
- emake all |
1004 |
-} |
1005 |
- |
1006 |
-multilib_src_test() { |
1007 |
- emake -j1 test |
1008 |
-} |
1009 |
- |
1010 |
-multilib_src_install() { |
1011 |
- # We need to create $ED/usr on our own to avoid a race condition #665130 |
1012 |
- if [[ ! -d "${ED}/usr" ]]; then |
1013 |
- # We can only create this directory once |
1014 |
- mkdir "${ED}"/usr || die |
1015 |
- fi |
1016 |
- |
1017 |
- emake DESTDIR="${D}" install |
1018 |
- |
1019 |
- # This is crappy in that the static archives are still built even |
1020 |
- # when USE=static-libs. But this is due to a failing in the openssl |
1021 |
- # build system: the static archives are built as PIC all the time. |
1022 |
- # Only way around this would be to manually configure+compile openssl |
1023 |
- # twice; once with shared lib support enabled and once without. |
1024 |
- if ! use static-libs; then |
1025 |
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die |
1026 |
- fi |
1027 |
-} |
1028 |
- |
1029 |
-multilib_src_install_all() { |
1030 |
- # openssl installs perl version of c_rehash by default, but |
1031 |
- # we provide a shell version via app-misc/c_rehash |
1032 |
- rm "${ED}"/usr/bin/c_rehash || die |
1033 |
- |
1034 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el |
1035 |
- |
1036 |
- # create the certs directory |
1037 |
- keepdir ${SSL_CNF_DIR}/certs |
1038 |
- |
1039 |
- # Namespace openssl programs to prevent conflicts with other man pages |
1040 |
- cd "${ED}"/usr/share/man || die |
1041 |
- local m d s |
1042 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
1043 |
- d=${m%/*} ; d=${d#./} ; m=${m##*/} |
1044 |
- [[ ${m} == openssl.1* ]] && continue |
1045 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
1046 |
- mv ${d}/{,ssl-}${m} |
1047 |
- # fix up references to renamed man pages |
1048 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} |
1049 |
- ln -s ssl-${m} ${d}/openssl-${m} |
1050 |
- # locate any symlinks that point to this man page ... we assume |
1051 |
- # that any broken links are due to the above renaming |
1052 |
- for s in $(find -L ${d} -type l) ; do |
1053 |
- s=${s##*/} |
1054 |
- rm -f ${d}/${s} |
1055 |
- # We don't want to "|| die" here |
1056 |
- ln -s ssl-${m} ${d}/ssl-${s} |
1057 |
- ln -s ssl-${s} ${d}/openssl-${s} |
1058 |
- done |
1059 |
- done |
1060 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
1061 |
- |
1062 |
- dodir /etc/sandbox.d #254521 |
1063 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
1064 |
- |
1065 |
- diropts -m0700 |
1066 |
- keepdir ${SSL_CNF_DIR}/private |
1067 |
-} |
1068 |
- |
1069 |
-pkg_postinst() { |
1070 |
- ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" |
1071 |
- c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null |
1072 |
- eend $? |
1073 |
-} |
1074 |
|
1075 |
diff --git a/dev-libs/openssl/openssl-1.1.1p.ebuild b/dev-libs/openssl/openssl-1.1.1p.ebuild |
1076 |
deleted file mode 100644 |
1077 |
index fef3fdf53f3f..000000000000 |
1078 |
--- a/dev-libs/openssl/openssl-1.1.1p.ebuild |
1079 |
+++ /dev/null |
1080 |
@@ -1,337 +0,0 @@ |
1081 |
-# Copyright 1999-2022 Gentoo Authors |
1082 |
-# Distributed under the terms of the GNU General Public License v2 |
1083 |
- |
1084 |
-EAPI=8 |
1085 |
- |
1086 |
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc |
1087 |
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig |
1088 |
- |
1089 |
-MY_P=${P/_/-} |
1090 |
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)" |
1091 |
-HOMEPAGE="https://www.openssl.org/" |
1092 |
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz |
1093 |
- verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" |
1094 |
-S="${WORKDIR}/${MY_P}" |
1095 |
- |
1096 |
-LICENSE="openssl" |
1097 |
-SLOT="0/1.1" # .so version of libssl/libcrypto |
1098 |
-if [[ ${PV} != *_pre* ]] ; then |
1099 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
1100 |
-fi |
1101 |
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers" |
1102 |
-RESTRICT="!test? ( test )" |
1103 |
- |
1104 |
-RDEPEND=">=app-misc/c_rehash-1.7-r1 |
1105 |
- tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" |
1106 |
-DEPEND="${RDEPEND}" |
1107 |
-BDEPEND=" |
1108 |
- >=dev-lang/perl-5 |
1109 |
- sctp? ( >=net-misc/lksctp-tools-1.0.12 ) |
1110 |
- test? ( |
1111 |
- sys-apps/diffutils |
1112 |
- sys-devel/bc |
1113 |
- kernel_linux? ( sys-process/procps ) |
1114 |
- ) |
1115 |
- verify-sig? ( sec-keys/openpgp-keys-openssl )" |
1116 |
-PDEPEND="app-misc/ca-certificates" |
1117 |
- |
1118 |
-# force upgrade to prevent broken login, bug #696950 |
1119 |
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3" |
1120 |
- |
1121 |
-MULTILIB_WRAPPED_HEADERS=( |
1122 |
- usr/include/openssl/opensslconf.h |
1123 |
-) |
1124 |
- |
1125 |
-PATCHES=( |
1126 |
- # General patches which are suitable to always apply |
1127 |
- # If they're Gentoo specific, add to USE=-vanilla logic in src_prepare! |
1128 |
- "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 |
1129 |
- "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch |
1130 |
- "${FILESDIR}"/${P}-fix-test-build.patch |
1131 |
-) |
1132 |
- |
1133 |
-pkg_setup() { |
1134 |
- [[ ${MERGE_TYPE} == binary ]] && return |
1135 |
- |
1136 |
- # must check in pkg_setup; sysctl doesn't work with userpriv! |
1137 |
- if use test && use sctp; then |
1138 |
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" |
1139 |
- # if sctp.auth_enable is not enabled. |
1140 |
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) |
1141 |
- if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then |
1142 |
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" |
1143 |
- fi |
1144 |
- fi |
1145 |
-} |
1146 |
- |
1147 |
-src_unpack() { |
1148 |
- # Can delete this once test fix patch is dropped |
1149 |
- if use verify-sig ; then |
1150 |
- # Needed for downloaded patch (which is unsigned, which is fine) |
1151 |
- verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} |
1152 |
- fi |
1153 |
- |
1154 |
- default |
1155 |
-} |
1156 |
- |
1157 |
-src_prepare() { |
1158 |
- # Allow openssl to be cross-compiled |
1159 |
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die |
1160 |
- chmod a+rx gentoo.config || die |
1161 |
- |
1162 |
- # Keep this in sync with app-misc/c_rehash |
1163 |
- SSL_CNF_DIR="/etc/ssl" |
1164 |
- |
1165 |
- # Make sure we only ever touch Makefile.org and avoid patching a file |
1166 |
- # that gets blown away anyways by the Configure script in src_configure |
1167 |
- rm -f Makefile |
1168 |
- |
1169 |
- if ! use vanilla ; then |
1170 |
- PATCHES+=( |
1171 |
- # Add patches which are Gentoo-specific customisations here |
1172 |
- ) |
1173 |
- fi |
1174 |
- |
1175 |
- default |
1176 |
- |
1177 |
- if use test && use sctp && has network-sandbox ${FEATURES}; then |
1178 |
- einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." |
1179 |
- rm test/recipes/80-test_ssl_new.t || die |
1180 |
- fi |
1181 |
- |
1182 |
- # - Make sure the man pages are suffixed (bug #302165) |
1183 |
- # - Don't bother building man pages if they're disabled |
1184 |
- # - Make DOCDIR Gentoo compliant |
1185 |
- sed -i \ |
1186 |
- -e '/^MANSUFFIX/s:=.*:=ssl:' \ |
1187 |
- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ |
1188 |
- -e $(has noman FEATURES \ |
1189 |
- && echo '/^install:/s:install_docs::' \ |
1190 |
- || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ |
1191 |
- -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \ |
1192 |
- Configurations/unix-Makefile.tmpl \ |
1193 |
- || die |
1194 |
- |
1195 |
- # Quiet out unknown driver argument warnings since openssl |
1196 |
- # doesn't have well-split CFLAGS and we're making it even worse |
1197 |
- # and 'make depend' uses -Werror for added fun (bug #417795 again) |
1198 |
- tc-is-clang && append-flags -Qunused-arguments |
1199 |
- |
1200 |
- # We really, really need to build OpenSSL w/ strict aliasing disabled. |
1201 |
- # It's filled with violations and it *will* result in miscompiled |
1202 |
- # code. This has been in the ebuild for > 10 years but even in 2022, |
1203 |
- # it's still relevant: |
1204 |
- # - https://github.com/llvm/llvm-project/issues/55255 |
1205 |
- # - https://github.com/openssl/openssl/issues/18225 |
1206 |
- # Don't remove the no strict aliasing bits below! |
1207 |
- filter-flags -fstrict-aliasing |
1208 |
- append-flags -fno-strict-aliasing |
1209 |
- |
1210 |
- append-cppflags -DOPENSSL_NO_BUF_FREELISTS |
1211 |
- |
1212 |
- append-flags $(test-flags-CC -Wa,--noexecstack) |
1213 |
- |
1214 |
- # Prefixify Configure shebang (bug #141906) |
1215 |
- sed \ |
1216 |
- -e "1s,/usr/bin/env,${BROOT}&," \ |
1217 |
- -i Configure || die |
1218 |
- |
1219 |
- # Remove test target when FEATURES=test isn't set |
1220 |
- if ! use test ; then |
1221 |
- sed \ |
1222 |
- -e '/^$config{dirs}/s@ "test",@@' \ |
1223 |
- -i Configure || die |
1224 |
- fi |
1225 |
- |
1226 |
- if use prefix && [[ ${CHOST} == *-solaris* ]] ; then |
1227 |
- # use GNU ld full option, not to confuse it on Solaris |
1228 |
- sed -i \ |
1229 |
- -e 's/-Wl,-M,/-Wl,--version-script=/' \ |
1230 |
- -e 's/-Wl,-h,/-Wl,--soname=/' \ |
1231 |
- Configurations/10-main.conf || die |
1232 |
- |
1233 |
- # fix building on Solaris 10 |
1234 |
- # https://github.com/openssl/openssl/issues/6333 |
1235 |
- sed -i \ |
1236 |
- -e 's/-lsocket -lnsl -ldl/-lsocket -lnsl -ldl -lrt/' \ |
1237 |
- Configurations/10-main.conf || die |
1238 |
- fi |
1239 |
- |
1240 |
- # The config script does stupid stuff to prompt the user. Kill it. |
1241 |
- sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
1242 |
- ./config --test-sanity || die "I AM NOT SANE" |
1243 |
- |
1244 |
- multilib_copy_sources |
1245 |
-} |
1246 |
- |
1247 |
-multilib_src_configure() { |
1248 |
- # bug #197996 |
1249 |
- unset APPS |
1250 |
- # bug #312551 |
1251 |
- unset SCRIPTS |
1252 |
- # bug #311473 |
1253 |
- unset CROSS_COMPILE |
1254 |
- |
1255 |
- tc-export AR CC CXX RANLIB RC |
1256 |
- |
1257 |
- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } |
1258 |
- |
1259 |
- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") |
1260 |
- |
1261 |
- # See if our toolchain supports __uint128_t. If so, it's 64bit |
1262 |
- # friendly and can use the nicely optimized code paths, bug #460790. |
1263 |
- local ec_nistp_64_gcc_128 |
1264 |
- |
1265 |
- # Disable it for now though (bug #469976) |
1266 |
- # echo "__uint128_t i;" > "${T}"/128.c |
1267 |
- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then |
1268 |
- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" |
1269 |
- # fi |
1270 |
- |
1271 |
- local sslout=$(./gentoo.config) |
1272 |
- einfo "Use configuration ${sslout:-(openssl knows best)}" |
1273 |
- local config="Configure" |
1274 |
- [[ -z ${sslout} ]] && config="config" |
1275 |
- |
1276 |
- # "disable-deprecated" option breaks too many consumers. |
1277 |
- # Don't set it without thorough revdeps testing. |
1278 |
- # Make sure user flags don't get added *yet* to avoid duplicated |
1279 |
- # flags. |
1280 |
- local myeconfargs=( |
1281 |
- ${sslout} |
1282 |
- |
1283 |
- $(use cpu_flags_x86_sse2 || echo "no-sse2") |
1284 |
- enable-camellia |
1285 |
- enable-ec |
1286 |
- enable-ec2m |
1287 |
- enable-sm2 |
1288 |
- enable-srp |
1289 |
- $(use elibc_musl && echo "no-async") |
1290 |
- ${ec_nistp_64_gcc_128} |
1291 |
- enable-idea |
1292 |
- enable-mdc2 |
1293 |
- enable-rc5 |
1294 |
- $(use_ssl sslv3 ssl3) |
1295 |
- $(use_ssl sslv3 ssl3-method) |
1296 |
- $(use_ssl asm) |
1297 |
- $(use_ssl rfc3779) |
1298 |
- $(use_ssl sctp) |
1299 |
- $(use test || echo "no-tests") |
1300 |
- $(use_ssl tls-compression zlib) |
1301 |
- $(use_ssl tls-heartbeat heartbeats) |
1302 |
- $(use_ssl weak-ssl-ciphers) |
1303 |
- |
1304 |
- --prefix="${EPREFIX}"/usr |
1305 |
- --openssldir="${EPREFIX}"${SSL_CNF_DIR} |
1306 |
- --libdir=$(get_libdir) |
1307 |
- |
1308 |
- shared |
1309 |
- threads |
1310 |
- ) |
1311 |
- |
1312 |
- CFLAGS= LDFLAGS= edo ./${config} "${myeconfargs[@]}" |
1313 |
- |
1314 |
- # Clean out hardcoded flags that openssl uses |
1315 |
- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \ |
1316 |
- -e 's:^CFLAGS=::' \ |
1317 |
- -e 's:\(^\| \)-fomit-frame-pointer::g' \ |
1318 |
- -e 's:\(^\| \)-O[^ ]*::g' \ |
1319 |
- -e 's:\(^\| \)-march=[^ ]*::g' \ |
1320 |
- -e 's:\(^\| \)-mcpu=[^ ]*::g' \ |
1321 |
- -e 's:\(^\| \)-m[^ ]*::g' \ |
1322 |
- -e 's:^ *::' \ |
1323 |
- -e 's: *$::' \ |
1324 |
- -e 's: \+: :g' \ |
1325 |
- -e 's:\\:\\\\:g' |
1326 |
- ) |
1327 |
- |
1328 |
- # Now insert clean default flags with user flags |
1329 |
- sed -i \ |
1330 |
- -e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \ |
1331 |
- -e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \ |
1332 |
- Makefile || die |
1333 |
-} |
1334 |
- |
1335 |
-multilib_src_compile() { |
1336 |
- # depend is needed to use $confopts; it also doesn't matter |
1337 |
- # that it's -j1 as the code itself serializes subdirs |
1338 |
- emake -j1 depend |
1339 |
- |
1340 |
- emake all |
1341 |
-} |
1342 |
- |
1343 |
-multilib_src_test() { |
1344 |
- emake -j1 test |
1345 |
-} |
1346 |
- |
1347 |
-multilib_src_install() { |
1348 |
- # We need to create ${ED}/usr on our own to avoid a race condition (bug #665130) |
1349 |
- dodir /usr |
1350 |
- |
1351 |
- emake DESTDIR="${D}" install |
1352 |
- |
1353 |
- # This is crappy in that the static archives are still built even |
1354 |
- # when USE=static-libs. But this is due to a failing in the openssl |
1355 |
- # build system: the static archives are built as PIC all the time. |
1356 |
- # Only way around this would be to manually configure+compile openssl |
1357 |
- # twice; once with shared lib support enabled and once without. |
1358 |
- if ! use static-libs; then |
1359 |
- rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die |
1360 |
- fi |
1361 |
-} |
1362 |
- |
1363 |
-multilib_src_install_all() { |
1364 |
- # openssl installs perl version of c_rehash by default, but |
1365 |
- # we provide a shell version via app-misc/c_rehash |
1366 |
- rm "${ED}"/usr/bin/c_rehash || die |
1367 |
- |
1368 |
- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el |
1369 |
- |
1370 |
- # Create the certs directory |
1371 |
- keepdir ${SSL_CNF_DIR}/certs |
1372 |
- |
1373 |
- # Namespace openssl programs to prevent conflicts with other man pages |
1374 |
- cd "${ED}"/usr/share/man || die |
1375 |
- local m d s |
1376 |
- for m in $(find . -type f | xargs grep -L '#include') ; do |
1377 |
- d=${m%/*} |
1378 |
- d=${d#./} |
1379 |
- m=${m##*/} |
1380 |
- |
1381 |
- [[ ${m} == openssl.1* ]] && continue |
1382 |
- |
1383 |
- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" |
1384 |
- |
1385 |
- mv ${d}/{,ssl-}${m} || die |
1386 |
- |
1387 |
- # Fix up references to renamed man pages |
1388 |
- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} || die |
1389 |
- ln -s ssl-${m} ${d}/openssl-${m} |
1390 |
- |
1391 |
- # Locate any symlinks that point to this man page |
1392 |
- # We assume that any broken links are due to the above renaming |
1393 |
- for s in $(find -L ${d} -type l) ; do |
1394 |
- s=${s##*/} |
1395 |
- |
1396 |
- rm -f ${d}/${s} |
1397 |
- |
1398 |
- # We don't want to "|| die" here |
1399 |
- ln -s ssl-${m} ${d}/ssl-${s} |
1400 |
- ln -s ssl-${s} ${d}/openssl-${s} |
1401 |
- done |
1402 |
- done |
1403 |
- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" |
1404 |
- |
1405 |
- # bug #254521 |
1406 |
- dodir /etc/sandbox.d |
1407 |
- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl |
1408 |
- |
1409 |
- diropts -m0700 |
1410 |
- keepdir ${SSL_CNF_DIR}/private |
1411 |
-} |
1412 |
- |
1413 |
-pkg_postinst() { |
1414 |
- ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)" |
1415 |
- c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null |
1416 |
- eend $? |
1417 |
-} |