[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl-compat/
Date:	Thu, 12 Sep 2019 13:57:18
Message-Id:	`1568296625.e0a0f34d749f26e4a03c1a61f0bbd61de0d273de.whissi@gentoo`

1

commit:     e0a0f34d749f26e4a03c1a61f0bbd61de0d273de

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Thu Sep 12 13:57:05 2019 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Thu Sep 12 13:57:05 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0a0f34d

7

8

dev-libs/openssl-compat: bump to v1.0.2t

9

10

Package-Manager: Portage-2.3.75, Repoman-2.3.17

11

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

12

13

 dev-libs/openssl-compat/Manifest                   |   2 +

14

 .../openssl-compat/openssl-compat-1.0.2t.ebuild    | 247 +++++++++++++++++++++

15

 2 files changed, 249 insertions(+)

16

17

diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest

18

index 260480f8468..5966e6d5d9a 100644

19

--- a/dev-libs/openssl-compat/Manifest

20

+++ b/dev-libs/openssl-compat/Manifest

21

@@ -8,3 +8,5 @@ DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24e

22

 DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15

23

 DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19

24

 DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e

25

+DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6

26

+DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71

27

28

diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild

29

new file mode 100644

30

index 00000000000..4f49e0ff20c

31

--- /dev/null

32

+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild

33

@@ -0,0 +1,247 @@

34

+# Copyright 1999-2019 Gentoo Authors

35

+# Distributed under the terms of the GNU General Public License v2

36

+

37

+EAPI="7"

38

+

39

+inherit flag-o-matic toolchain-funcs multilib multilib-minimal

40

+

41

+# openssl-1.0.2-patches-1.6 contain additional CVE patches

42

+# which got fixed with this release.

43

+# Please use 1.7 version number when rolling a new tarball!

44

+PATCH_SET="openssl-1.0.2-patches-1.5"

45

+

46

+MY_P=openssl-${PV/_/-}

47

+

48

+# This patch set is based on the following files from Fedora 25,

49

+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec

50

+# for more details:

51

+# - hobble-openssl (SOURCE1)

52

+# - ec_curve.c (SOURCE12) -- MODIFIED

53

+# - ectest.c (SOURCE13)

54

+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED

55

+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"

56

+

57

+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"

58

+HOMEPAGE="https://www.openssl.org/"

59

+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz

60

+	bindist? (

61

+		mirror://gentoo/${BINDIST_PATCH_SET}

62

+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}

63

+	)

64

+	!vanilla? (

65

+		mirror://gentoo/${PATCH_SET}.tar.xz

66

+		https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz

67

+		https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz

68

+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz

69

+	)"

70

+

71

+LICENSE="openssl"

72

+SLOT="1.0.0"

73

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"

74

+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"

75

+RESTRICT="!bindist? ( bindist )"

76

+

77

+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

78

+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )

79

+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )

80

+	!=dev-libs/openssl-1.0.2*:0"

81

+DEPEND="${RDEPEND}"

82

+BDEPEND="

83

+	>=dev-lang/perl-5

84

+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )

85

+	test? (

86

+		sys-apps/diffutils

87

+		sys-devel/bc

88

+	)"

89

+

90

+RESTRICT="test"

91

+

92

+# Do not install any docs

93

+DOCS=()

94

+

95

+S="${WORKDIR}/${MY_P}"

96

+

97

+MULTILIB_WRAPPED_HEADERS=(

98

+	usr/include/openssl/opensslconf.h

99

+)

100

+

101

+src_prepare() {

102

+	if use bindist; then

103

+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die

104

+		bash "${WORKDIR}"/hobble-openssl || die

105

+

106

+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die

107

+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die

108

+

109

+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch

110

+

111

+		# Also see the configure parts below:

112

+		# enable-ec \

113

+		# $(use_ssl !bindist ec2m) \

114

+		# $(use_ssl !bindist srp) \

115

+	fi

116

+

117

+	# keep this in sync with app-misc/c_rehash

118

+	SSL_CNF_DIR="/etc/ssl"

119

+

120

+	# Make sure we only ever touch Makefile.org and avoid patching a file

121

+	# that gets blown away anyways by the Configure script in src_configure

122

+	rm -f Makefile

123

+

124

+	if ! use vanilla ; then

125

+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then

126

+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"

127

+		fi

128

+	fi

129

+

130

+	eapply_user

131

+

132

+	# disable fips in the build

133

+	# make sure the man pages are suffixed #302165

134

+	# don't bother building man pages if they're disabled

135

+	sed -i \

136

+		-e '/DIRS/s: fips : :g' \

137

+		-e '/^MANSUFFIX/s:=.*:=ssl:' \

138

+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \

139

+		-e $(has noman FEATURES \

140

+			&& echo '/^install:/s:install_docs::' \

141

+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \

142

+		Makefile.org \

143

+		|| die

144

+	# show the actual commands in the log

145

+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared

146

+

147

+	# since we're forcing $(CC) as makedep anyway, just fix

148

+	# the conditional as always-on

149

+	# helps clang (#417795), and versioned gcc (#499818)

150

+	# this breaks build with 1.0.2p, not sure if it is needed anymore

151

+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die

152

+

153

+	# quiet out unknown driver argument warnings since openssl

154

+	# doesn't have well-split CFLAGS and we're making it even worse

155

+	# and 'make depend' uses -Werror for added fun (#417795 again)

156

+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments

157

+

158

+	# allow openssl to be cross-compiled

159

+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die

160

+	chmod a+rx gentoo.config || die

161

+

162

+	append-flags -fno-strict-aliasing

163

+	append-flags $(test-flags-CC -Wa,--noexecstack)

164

+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS

165

+

166

+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906

167

+	# The config script does stupid stuff to prompt the user.  Kill it.

168

+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die

169

+	./config --test-sanity || die "I AM NOT SANE"

170

+

171

+	multilib_copy_sources

172

+}

173

+

174

+multilib_src_configure() {

175

+	unset APPS #197996

176

+	unset SCRIPTS #312551

177

+	unset CROSS_COMPILE #311473

178

+

179

+	tc-export CC AR RANLIB RC

180

+

181

+	# Clean out patent-or-otherwise-encumbered code

182

+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)

183

+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

184

+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography

185

+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2

186

+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5

187

+

188

+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }

189

+	echoit() { echo "$@" ; "$@" ; }

190

+

191

+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")

192

+

193

+	# See if our toolchain supports __uint128_t.  If so, it's 64bit

194

+	# friendly and can use the nicely optimized code paths. #460790

195

+	local ec_nistp_64_gcc_128

196

+	# Disable it for now though #469976

197

+	#if ! use bindist ; then

198

+	#	echo "__uint128_t i;" > "${T}"/128.c

199

+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then

200

+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"

201

+	#	fi

202

+	#fi

203

+

204

+	# https://github.com/openssl/openssl/issues/2286

205

+	if use ia64 ; then

206

+		replace-flags -g3 -g2

207

+		replace-flags -ggdb3 -ggdb2

208

+	fi

209

+

210

+	local sslout=$(./gentoo.config)

211

+	einfo "Use configuration ${sslout:-(openssl knows best)}"

212

+	local config="Configure"

213

+	[[ -z ${sslout} ]] && config="config"

214

+

215

+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'

216

+	# Make sure user flags don't get added *yet* to avoid duplicated

217

+	# flags.

218

+	CFLAGS= LDFLAGS= echoit \

219

+	./${config} \

220

+		${sslout} \

221

+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \

222

+		enable-camellia \

223

+		enable-ec \

224

+		$(use_ssl !bindist ec2m) \

225

+		$(use_ssl !bindist srp) \

226

+		${ec_nistp_64_gcc_128} \

227

+		enable-idea \

228

+		enable-mdc2 \

229

+		enable-rc5 \

230

+		enable-tlsext \

231

+		$(use_ssl asm) \

232

+		$(use_ssl gmp gmp -lgmp) \

233

+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \

234

+		$(use_ssl rfc3779) \

235

+		$(use_ssl sctp) \

236

+		$(use_ssl sslv2 ssl2) \

237

+		$(use_ssl sslv3 ssl3) \

238

+		$(use_ssl tls-heartbeat heartbeats) \

239

+		$(use_ssl zlib) \

240

+		--prefix="${EPREFIX}"/usr \

241

+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \

242

+		--libdir=$(get_libdir) \

243

+		shared threads \

244

+		|| die

245

+

246

+	# Clean out hardcoded flags that openssl uses

247

+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \

248

+		-e 's:^CFLAG=::' \

249

+		-e 's:\(^\| \)-fomit-frame-pointer::g' \

250

+		-e 's:\(^\| \)-O[^ ]*::g' \

251

+		-e 's:\(^\| \)-march=[^ ]*::g' \

252

+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \

253

+		-e 's:\(^\| \)-m[^ ]*::g' \

254

+		-e 's:^ *::' \

255

+		-e 's: *$::' \

256

+		-e 's: \+: :g' \

257

+		-e 's:\\:\\\\:g'

258

+	)

259

+

260

+	# Now insert clean default flags with user flags

261

+	sed -i \

262

+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \

263

+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \

264

+		Makefile || die

265

+}

266

+

267

+multilib_src_compile() {

268

+	# depend is needed to use $confopts; it also doesn't matter

269

+	# that it's -j1 as the code itself serializes subdirs

270

+	emake -j1 V=1 depend

271

+	emake build_libs

272

+}

273

+

274

+multilib_src_test() {

275

+	emake -j1 test

276

+}

277

+

278

+multilib_src_install() {

279

+	dolib.so lib{crypto,ssl}.so.${SLOT}

280

+}

1	commit: e0a0f34d749f26e4a03c1a61f0bbd61de0d273de
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Thu Sep 12 13:57:05 2019 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Thu Sep 12 13:57:05 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0a0f34d
7
8	dev-libs/openssl-compat: bump to v1.0.2t
9
10	Package-Manager: Portage-2.3.75, Repoman-2.3.17
11	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13	dev-libs/openssl-compat/Manifest \| 2 +
14	.../openssl-compat/openssl-compat-1.0.2t.ebuild \| 247 +++++++++++++++++++++
15	2 files changed, 249 insertions(+)
16
17	diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
18	index 260480f8468..5966e6d5d9a 100644
19	--- a/dev-libs/openssl-compat/Manifest
20	+++ b/dev-libs/openssl-compat/Manifest
21	@@ -8,3 +8,5 @@ DIST openssl-1.0.2s.tar.gz 5349149 BLAKE2B 46c72dcceb5b473b129be0a895f3d6c25a24e
22	DIST openssl-1.0.2s_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
23	DIST openssl-1.0.2s_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
24	DIST openssl-1.0.2s_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
25	+DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
26	+DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
27
28	diff --git a/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
29	new file mode 100644
30	index 00000000000..4f49e0ff20c
31	--- /dev/null
32	+++ b/dev-libs/openssl-compat/openssl-compat-1.0.2t.ebuild
33	@@ -0,0 +1,247 @@
34	+# Copyright 1999-2019 Gentoo Authors
35	+# Distributed under the terms of the GNU General Public License v2
36	+
37	+EAPI="7"
38	+
39	+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
40	+
41	+# openssl-1.0.2-patches-1.6 contain additional CVE patches
42	+# which got fixed with this release.
43	+# Please use 1.7 version number when rolling a new tarball!
44	+PATCH_SET="openssl-1.0.2-patches-1.5"
45	+
46	+MY_P=openssl-${PV/_/-}
47	+
48	+# This patch set is based on the following files from Fedora 25,
49	+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
50	+# for more details:
51	+# - hobble-openssl (SOURCE1)
52	+# - ec_curve.c (SOURCE12) -- MODIFIED
53	+# - ectest.c (SOURCE13)
54	+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
55	+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
56	+
57	+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
58	+HOMEPAGE="https://www.openssl.org/"
59	+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
60	+ bindist? (
61	+ mirror://gentoo/${BINDIST_PATCH_SET}
62	+ https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
63	+ )
64	+ !vanilla? (
65	+ mirror://gentoo/${PATCH_SET}.tar.xz
66	+ https://dev.gentoo.org/~chutzpah/dist/openssl/${PATCH_SET}.tar.xz
67	+ https://dev.gentoo.org/~whissi/dist/openssl/${PATCH_SET}.tar.xz
68	+ https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
69	+ )"
70	+
71	+LICENSE="openssl"
72	+SLOT="1.0.0"
73	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
74	+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
75	+RESTRICT="!bindist? ( bindist )"
76	+
77	+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
78	+ kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
79	+ zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
80	+ !=dev-libs/openssl-1.0.2*:0"
81	+DEPEND="${RDEPEND}"
82	+BDEPEND="
83	+ >=dev-lang/perl-5
84	+ sctp? ( >=net-misc/lksctp-tools-1.0.12 )
85	+ test? (
86	+ sys-apps/diffutils
87	+ sys-devel/bc
88	+ )"
89	+
90	+RESTRICT="test"
91	+
92	+# Do not install any docs
93	+DOCS=()
94	+
95	+S="${WORKDIR}/${MY_P}"
96	+
97	+MULTILIB_WRAPPED_HEADERS=(
98	+ usr/include/openssl/opensslconf.h
99	+)
100	+
101	+src_prepare() {
102	+ if use bindist; then
103	+ mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" \|\| die
104	+ bash "${WORKDIR}"/hobble-openssl \|\| die
105	+
106	+ cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ \|\| die
107	+ cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ \|\| die
108	+
109	+ eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
110	+
111	+ # Also see the configure parts below:
112	+ # enable-ec \
113	+ # $(use_ssl !bindist ec2m) \
114	+ # $(use_ssl !bindist srp) \
115	+ fi
116	+
117	+ # keep this in sync with app-misc/c_rehash
118	+ SSL_CNF_DIR="/etc/ssl"
119	+
120	+ # Make sure we only ever touch Makefile.org and avoid patching a file
121	+ # that gets blown away anyways by the Configure script in src_configure
122	+ rm -f Makefile
123	+
124	+ if ! use vanilla ; then
125	+ if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
126	+ [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
127	+ fi
128	+ fi
129	+
130	+ eapply_user
131	+
132	+ # disable fips in the build
133	+ # make sure the man pages are suffixed #302165
134	+ # don't bother building man pages if they're disabled
135	+ sed -i \
136	+ -e '/DIRS/s: fips : :g' \
137	+ -e '/^MANSUFFIX/s:=.*:=ssl:' \
138	+ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
139	+ -e $(has noman FEATURES \
140	+ && echo '/^install:/s:install_docs::' \
141	+ \|\| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
142	+ Makefile.org \
143	+ \|\| die
144	+ # show the actual commands in the log
145	+ sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
146	+
147	+ # since we're forcing $(CC) as makedep anyway, just fix
148	+ # the conditional as always-on
149	+ # helps clang (#417795), and versioned gcc (#499818)
150	+ # this breaks build with 1.0.2p, not sure if it is needed anymore
151	+ #sed -i 's/expr.MAKEDEPEND.;/true;/' util/domd \|\| die
152	+
153	+ # quiet out unknown driver argument warnings since openssl
154	+ # doesn't have well-split CFLAGS and we're making it even worse
155	+ # and 'make depend' uses -Werror for added fun (#417795 again)
156	+ [[ ${CC} == clang ]] && append-flags -Qunused-arguments
157	+
158	+ # allow openssl to be cross-compiled
159	+ cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config \|\| die
160	+ chmod a+rx gentoo.config \|\| die
161	+
162	+ append-flags -fno-strict-aliasing
163	+ append-flags $(test-flags-CC -Wa,--noexecstack)
164	+ append-cppflags -DOPENSSL_NO_BUF_FREELISTS
165	+
166	+ sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
167	+ # The config script does stupid stuff to prompt the user. Kill it.
168	+ sed -i '/stty -icanon min 0 time 50; read waste/d' config \|\| die
169	+ ./config --test-sanity \|\| die "I AM NOT SANE"
170	+
171	+ multilib_copy_sources
172	+}
173	+
174	+multilib_src_configure() {
175	+ unset APPS #197996
176	+ unset SCRIPTS #312551
177	+ unset CROSS_COMPILE #311473
178	+
179	+ tc-export CC AR RANLIB RC
180	+
181	+ # Clean out patent-or-otherwise-encumbered code
182	+ # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
183	+ # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
184	+ # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
185	+ # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
186	+ # RC5: Expired https://en.wikipedia.org/wiki/RC5
187	+
188	+ use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
189	+ echoit() { echo "$@" ; "$@" ; }
190	+
191	+ local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" \|\| echo "Heimdal")
192	+
193	+ # See if our toolchain supports __uint128_t. If so, it's 64bit
194	+ # friendly and can use the nicely optimized code paths. #460790
195	+ local ec_nistp_64_gcc_128
196	+ # Disable it for now though #469976
197	+ #if ! use bindist ; then
198	+ # echo "__uint128_t i;" > "${T}"/128.c
199	+ # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
200	+ # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
201	+ # fi
202	+ #fi
203	+
204	+ # https://github.com/openssl/openssl/issues/2286
205	+ if use ia64 ; then
206	+ replace-flags -g3 -g2
207	+ replace-flags -ggdb3 -ggdb2
208	+ fi
209	+
210	+ local sslout=$(./gentoo.config)
211	+ einfo "Use configuration ${sslout:-(openssl knows best)}"
212	+ local config="Configure"
213	+ [[ -z ${sslout} ]] && config="config"
214	+
215	+ # Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
216	+ # Make sure user flags don't get added yet to avoid duplicated
217	+ # flags.
218	+ CFLAGS= LDFLAGS= echoit \
219	+ ./${config} \
220	+ ${sslout} \
221	+ $(use cpu_flags_x86_sse2 \|\| echo "no-sse2") \
222	+ enable-camellia \
223	+ enable-ec \
224	+ $(use_ssl !bindist ec2m) \
225	+ $(use_ssl !bindist srp) \
226	+ ${ec_nistp_64_gcc_128} \
227	+ enable-idea \
228	+ enable-mdc2 \
229	+ enable-rc5 \
230	+ enable-tlsext \
231	+ $(use_ssl asm) \
232	+ $(use_ssl gmp gmp -lgmp) \
233	+ $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
234	+ $(use_ssl rfc3779) \
235	+ $(use_ssl sctp) \
236	+ $(use_ssl sslv2 ssl2) \
237	+ $(use_ssl sslv3 ssl3) \
238	+ $(use_ssl tls-heartbeat heartbeats) \
239	+ $(use_ssl zlib) \
240	+ --prefix="${EPREFIX}"/usr \
241	+ --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
242	+ --libdir=$(get_libdir) \
243	+ shared threads \
244	+ \|\| die
245	+
246	+ # Clean out hardcoded flags that openssl uses
247	+ local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile \| LC_ALL=C sed \
248	+ -e 's:^CFLAG=::' \
249	+ -e 's:\(^\\| \)-fomit-frame-pointer::g' \
250	+ -e 's:\(^\\| \)-O[^ ]*::g' \
251	+ -e 's:\(^\\| \)-march=[^ ]*::g' \
252	+ -e 's:\(^\\| \)-mcpu=[^ ]*::g' \
253	+ -e 's:\(^\\| \)-m[^ ]*::g' \
254	+ -e 's:^ *::' \
255	+ -e 's: *$::' \
256	+ -e 's: \+: :g' \
257	+ -e 's:\\:\\\\:g'
258	+ )
259	+
260	+ # Now insert clean default flags with user flags
261	+ sed -i \
262	+ -e "/^CFLAG/s\|=.*\|=${DEFAULT_CFLAGS} ${CFLAGS}\|" \
263	+ -e "/^LDFLAGS=/s\|=[[:space:]]*$\|=${LDFLAGS}\|" \
264	+ Makefile \|\| die
265	+}
266	+
267	+multilib_src_compile() {
268	+ # depend is needed to use $confopts; it also doesn't matter
269	+ # that it's -j1 as the code itself serializes subdirs
270	+ emake -j1 V=1 depend
271	+ emake build_libs
272	+}
273	+
274	+multilib_src_test() {
275	+ emake -j1 test
276	+}
277	+
278	+multilib_src_install() {
279	+ dolib.so lib{crypto,ssl}.so.${SLOT}
280	+}

Gentoo Archives: gentoo-commits