[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
Date:	Tue, 31 Mar 2020 14:05:18
Message-Id:	`1585663507.e8c78ca5a521c7dc6cfc183c7072949eb7b5d140.whissi@gentoo`

1

commit:     e8c78ca5a521c7dc6cfc183c7072949eb7b5d140

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Tue Mar 31 14:04:53 2020 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Tue Mar 31 14:05:07 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8c78ca5

7

8

dev-libs/openssl: drop old

9

10

Package-Manager: Portage-2.3.96, Repoman-2.3.22

11

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

12

13

 dev-libs/openssl/Manifest              |   1 -

14

 dev-libs/openssl/openssl-1.1.1e.ebuild | 324 ---------------------------------

15

 2 files changed, 325 deletions(-)

16

17

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest

18

index 0d29f70e684..c84427c7400 100644

19

--- a/dev-libs/openssl/Manifest

20

+++ b/dev-libs/openssl/Manifest

21

@@ -6,5 +6,4 @@ DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e96248

22

 DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f

23

 DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7

24

 DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea

25

-DIST openssl-1.1.1e.tar.gz 9792634 BLAKE2B d8731ece2f0929fdb71c324480128e182e41bda1b9ef32b9a0ff2d7a1120ad45d918ee6162fbf038bb7459cfad283307d5bc85777fe75fd7b3c11ebab8cfe3ec SHA512 dbc2124f6ce9f1927e2f5e03101ed565d4e52ef09d620200f5cd9372c88c65dd7d74b24b31a8bf404713a5adfab80e0c3b25bf538c52702c4c3af1d80aef16c2

26

 DIST openssl-1.1.1f.tar.gz 9792828 BLAKE2B eba30dd12772cd714666ed8e5371e068623d8bfd4ff45863d10e82c65551654508a27f22f7ef1edadb543ab56f3c4c40ac3bcad665c667eb06ee90c69b24782e SHA512 b00bd9b5ad5298fbceeec6bb19c1ab0c106ca5cfb31178497c58bf7e0e0cf30fcc19c20f84e23af31cc126bf2447d3e4f8461db97bafa7bd78f69561932f000c

27

28

diff --git a/dev-libs/openssl/openssl-1.1.1e.ebuild b/dev-libs/openssl/openssl-1.1.1e.ebuild

29

deleted file mode 100644

30

index ccc0cbc5d58..00000000000

31

--- a/dev-libs/openssl/openssl-1.1.1e.ebuild

32

+++ /dev/null

33

@@ -1,324 +0,0 @@

34

-# Copyright 1999-2020 Gentoo Authors

35

-# Distributed under the terms of the GNU General Public License v2

36

-

37

-EAPI="7"

38

-

39

-inherit flag-o-matic toolchain-funcs multilib multilib-minimal

40

-

41

-MY_P=${P/_/-}

42

-

43

-# This patch set is based on the following files from Fedora 31,

44

-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec

45

-# for more details:

46

-# - hobble-openssl (SOURCE1)

47

-# - ec_curve.c (SOURCE12) -- MODIFIED

48

-# - ectest.c (SOURCE13)

49

-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED

50

-BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"

51

-

52

-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"

53

-HOMEPAGE="https://www.openssl.org/"

54

-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz

55

-	bindist? (

56

-		mirror://gentoo/${BINDIST_PATCH_SET}

57

-		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}

58

-	)"

59

-

60

-LICENSE="openssl"

61

-SLOT="0/1.1" # .so version of libssl/libcrypto

62

-[[ "${PV}" = *_pre* ]] || \

63

-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"

64

-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"

65

-RESTRICT="!bindist? ( bindist )

66

-	!test? ( test )"

67

-

68

-RDEPEND=">=app-misc/c_rehash-1.7-r1

69

-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"

70

-DEPEND="${RDEPEND}"

71

-BDEPEND="

72

-	>=dev-lang/perl-5

73

-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )

74

-	test? (

75

-		sys-apps/diffutils

76

-		sys-devel/bc

77

-		sys-process/procps

78

-	)"

79

-PDEPEND="app-misc/ca-certificates"

80

-

81

-PATCHES=(

82

-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602

83

-)

84

-

85

-S="${WORKDIR}/${MY_P}"

86

-

87

-# force upgrade to prevent broken login, bug 696950

88

-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"

89

-

90

-MULTILIB_WRAPPED_HEADERS=(

91

-	usr/include/openssl/opensslconf.h

92

-)

93

-

94

-pkg_setup() {

95

-	[[ ${MERGE_TYPE} == binary ]] && return

96

-

97

-	# must check in pkg_setup; sysctl don't work with userpriv!

98

-	if has test ${FEATURES} && use sctp; then

99

-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"

100

-		# if sctp.auth_enable is not enabled.

101

-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)

102

-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then

103

-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"

104

-		fi

105

-	fi

106

-}

107

-

108

-src_prepare() {

109

-	# allow openssl to be cross-compiled

110

-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die

111

-	chmod a+rx gentoo.config || die

112

-

113

-	if use bindist; then

114

-		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die

115

-		bash "${WORKDIR}"/hobble-openssl || die

116

-

117

-		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die

118

-		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die

119

-

120

-		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch

121

-

122

-		local known_failing_test

123

-		for known_failing_test in \

124

-			30-test_evp_extra.t \

125

-			80-test_ssl_new.t \

126

-		; do

127

-			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"

128

-			rm test/recipes/${known_failing_test} || die

129

-			eend $?

130

-		done

131

-

132

-		# Also see the configure parts below:

133

-		# enable-ec \

134

-		# $(use_ssl !bindist ec2m) \

135

-	fi

136

-

137

-	# keep this in sync with app-misc/c_rehash

138

-	SSL_CNF_DIR="/etc/ssl"

139

-

140

-	# Make sure we only ever touch Makefile.org and avoid patching a file

141

-	# that gets blown away anyways by the Configure script in src_configure

142

-	rm -f Makefile

143

-

144

-	if ! use vanilla ; then

145

-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then

146

-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"

147

-		fi

148

-	fi

149

-

150

-	eapply_user #332661

151

-

152

-	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then

153

-		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"

154

-		rm test/recipes/80-test_ssl_new.t || die

155

-		eend $?

156

-	fi

157

-

158

-	# make sure the man pages are suffixed #302165

159

-	# don't bother building man pages if they're disabled

160

-	# Make DOCDIR Gentoo compliant

161

-	sed -i \

162

-		-e '/^MANSUFFIX/s:=.*:=ssl:' \

163

-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \

164

-		-e $(has noman FEATURES \

165

-			&& echo '/^install:/s:install_docs::' \

166

-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \

167

-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \

168

-		Configurations/unix-Makefile.tmpl \

169

-		|| die

170

-

171

-	# quiet out unknown driver argument warnings since openssl

172

-	# doesn't have well-split CFLAGS and we're making it even worse

173

-	# and 'make depend' uses -Werror for added fun (#417795 again)

174

-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments

175

-

176

-	append-flags -fno-strict-aliasing

177

-	append-flags $(test-flags-CC -Wa,--noexecstack)

178

-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS

179

-

180

-	# Prefixify Configure shebang (#141906)

181

-	sed \

182

-		-e "1s,/usr/bin/env,${EPREFIX}&," \

183

-		-i Configure || die

184

-	# Remove test target when FEATURES=test isn't set

185

-	if ! use test ; then

186

-		sed \

187

-			-e '/^$config{dirs}/s@ "test",@@' \

188

-			-i Configure || die

189

-	fi

190

-	# The config script does stupid stuff to prompt the user.  Kill it.

191

-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die

192

-	./config --test-sanity || die "I AM NOT SANE"

193

-

194

-	multilib_copy_sources

195

-}

196

-

197

-multilib_src_configure() {

198

-	unset APPS #197996

199

-	unset SCRIPTS #312551

200

-	unset CROSS_COMPILE #311473

201

-

202

-	tc-export CC AR RANLIB RC

203

-

204

-	# Clean out patent-or-otherwise-encumbered code

205

-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)

206

-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm

207

-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography

208

-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2

209

-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5

210

-

211

-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }

212

-	echoit() { echo "$@" ; "$@" ; }

213

-

214

-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")

215

-

216

-	# See if our toolchain supports __uint128_t.  If so, it's 64bit

217

-	# friendly and can use the nicely optimized code paths. #460790

218

-	local ec_nistp_64_gcc_128

219

-	# Disable it for now though #469976

220

-	#if ! use bindist ; then

221

-	#	echo "__uint128_t i;" > "${T}"/128.c

222

-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then

223

-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"

224

-	#	fi

225

-	#fi

226

-

227

-	local sslout=$(./gentoo.config)

228

-	einfo "Use configuration ${sslout:-(openssl knows best)}"

229

-	local config="Configure"

230

-	[[ -z ${sslout} ]] && config="config"

231

-

232

-	# Fedora hobbled-EC needs 'no-ec2m'

233

-	# 'srp' was restricted until early 2017 as well.

234

-	# "disable-deprecated" option breaks too many consumers.

235

-	# Don't set it without thorough revdeps testing.

236

-	# Make sure user flags don't get added *yet* to avoid duplicated

237

-	# flags.

238

-	CFLAGS= LDFLAGS= echoit \

239

-	./${config} \

240

-		${sslout} \

241

-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \

242

-		enable-camellia \

243

-		enable-ec \

244

-		$(use_ssl !bindist ec2m) \

245

-		enable-srp \

246

-		$(use elibc_musl && echo "no-async") \

247

-		${ec_nistp_64_gcc_128} \

248

-		enable-idea \

249

-		enable-mdc2 \

250

-		enable-rc5 \

251

-		$(use_ssl sslv3 ssl3) \

252

-		$(use_ssl sslv3 ssl3-method) \

253

-		$(use_ssl asm) \

254

-		$(use_ssl rfc3779) \

255

-		$(use_ssl sctp) \

256

-		$(use_ssl tls-heartbeat heartbeats) \

257

-		$(use_ssl zlib) \

258

-		--prefix="${EPREFIX}"/usr \

259

-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \

260

-		--libdir=$(get_libdir) \

261

-		shared threads \

262

-		|| die

263

-

264

-	# Clean out hardcoded flags that openssl uses

265

-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \

266

-		-e 's:^CFLAGS=::' \

267

-		-e 's:\(^\| \)-fomit-frame-pointer::g' \

268

-		-e 's:\(^\| \)-O[^ ]*::g' \

269

-		-e 's:\(^\| \)-march=[^ ]*::g' \

270

-		-e 's:\(^\| \)-mcpu=[^ ]*::g' \

271

-		-e 's:\(^\| \)-m[^ ]*::g' \

272

-		-e 's:^ *::' \

273

-		-e 's: *$::' \

274

-		-e 's: \+: :g' \

275

-		-e 's:\\:\\\\:g'

276

-	)

277

-

278

-	# Now insert clean default flags with user flags

279

-	sed -i \

280

-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \

281

-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \

282

-		Makefile || die

283

-}

284

-

285

-multilib_src_compile() {

286

-	# depend is needed to use $confopts; it also doesn't matter

287

-	# that it's -j1 as the code itself serializes subdirs

288

-	emake -j1 depend

289

-	emake all

290

-}

291

-

292

-multilib_src_test() {

293

-	emake -j1 test

294

-}

295

-

296

-multilib_src_install() {

297

-	# We need to create $ED/usr on our own to avoid a race condition #665130

298

-	if [[ ! -d "${ED}/usr" ]]; then

299

-		# We can only create this directory once

300

-		mkdir "${ED}"/usr || die

301

-	fi

302

-

303

-	emake DESTDIR="${D}" install

304

-}

305

-

306

-multilib_src_install_all() {

307

-	# openssl installs perl version of c_rehash by default, but

308

-	# we provide a shell version via app-misc/c_rehash

309

-	rm "${ED}"/usr/bin/c_rehash || die

310

-

311

-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el

312

-

313

-	# This is crappy in that the static archives are still built even

314

-	# when USE=static-libs.  But this is due to a failing in the openssl

315

-	# build system: the static archives are built as PIC all the time.

316

-	# Only way around this would be to manually configure+compile openssl

317

-	# twice; once with shared lib support enabled and once without.

318

-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a

319

-

320

-	# create the certs directory

321

-	keepdir ${SSL_CNF_DIR}/certs

322

-

323

-	# Namespace openssl programs to prevent conflicts with other man pages

324

-	cd "${ED}"/usr/share/man || die

325

-	local m d s

326

-	for m in $(find . -type f | xargs grep -L '#include') ; do

327

-		d=${m%/*} ; d=${d#./} ; m=${m##*/}

328

-		[[ ${m} == openssl.1* ]] && continue

329

-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"

330

-		mv ${d}/{,ssl-}${m}

331

-		# fix up references to renamed man pages

332

-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}

333

-		ln -s ssl-${m} ${d}/openssl-${m}

334

-		# locate any symlinks that point to this man page ... we assume

335

-		# that any broken links are due to the above renaming

336

-		for s in $(find -L ${d} -type l) ; do

337

-			s=${s##*/}

338

-			rm -f ${d}/${s}

339

-			# We don't want to "|| die" here

340

-			ln -s ssl-${m} ${d}/ssl-${s}

341

-			ln -s ssl-${s} ${d}/openssl-${s}

342

-		done

343

-	done

344

-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("

345

-

346

-	dodir /etc/sandbox.d #254521

347

-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl

348

-

349

-	diropts -m0700

350

-	keepdir ${SSL_CNF_DIR}/private

351

-}

352

-

353

-pkg_postinst() {

354

-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"

355

-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null

356

-	eend $?

357

-}

1	commit: e8c78ca5a521c7dc6cfc183c7072949eb7b5d140
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Tue Mar 31 14:04:53 2020 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Tue Mar 31 14:05:07 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8c78ca5
7
8	dev-libs/openssl: drop old
9
10	Package-Manager: Portage-2.3.96, Repoman-2.3.22
11	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13	dev-libs/openssl/Manifest \| 1 -
14	dev-libs/openssl/openssl-1.1.1e.ebuild \| 324 ---------------------------------
15	2 files changed, 325 deletions(-)
16
17	diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
18	index 0d29f70e684..c84427c7400 100644
19	--- a/dev-libs/openssl/Manifest
20	+++ b/dev-libs/openssl/Manifest
21	@@ -6,5 +6,4 @@ DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e96248
22	DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
23	DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7
24	DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
25	-DIST openssl-1.1.1e.tar.gz 9792634 BLAKE2B d8731ece2f0929fdb71c324480128e182e41bda1b9ef32b9a0ff2d7a1120ad45d918ee6162fbf038bb7459cfad283307d5bc85777fe75fd7b3c11ebab8cfe3ec SHA512 dbc2124f6ce9f1927e2f5e03101ed565d4e52ef09d620200f5cd9372c88c65dd7d74b24b31a8bf404713a5adfab80e0c3b25bf538c52702c4c3af1d80aef16c2
26	DIST openssl-1.1.1f.tar.gz 9792828 BLAKE2B eba30dd12772cd714666ed8e5371e068623d8bfd4ff45863d10e82c65551654508a27f22f7ef1edadb543ab56f3c4c40ac3bcad665c667eb06ee90c69b24782e SHA512 b00bd9b5ad5298fbceeec6bb19c1ab0c106ca5cfb31178497c58bf7e0e0cf30fcc19c20f84e23af31cc126bf2447d3e4f8461db97bafa7bd78f69561932f000c
27
28	diff --git a/dev-libs/openssl/openssl-1.1.1e.ebuild b/dev-libs/openssl/openssl-1.1.1e.ebuild
29	deleted file mode 100644
30	index ccc0cbc5d58..00000000000
31	--- a/dev-libs/openssl/openssl-1.1.1e.ebuild
32	+++ /dev/null
33	@@ -1,324 +0,0 @@
34	-# Copyright 1999-2020 Gentoo Authors
35	-# Distributed under the terms of the GNU General Public License v2
36	-
37	-EAPI="7"
38	-
39	-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
40	-
41	-MY_P=${P/_/-}
42	-
43	-# This patch set is based on the following files from Fedora 31,
44	-# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
45	-# for more details:
46	-# - hobble-openssl (SOURCE1)
47	-# - ec_curve.c (SOURCE12) -- MODIFIED
48	-# - ectest.c (SOURCE13)
49	-# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
50	-BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
51	-
52	-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
53	-HOMEPAGE="https://www.openssl.org/"
54	-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
55	- bindist? (
56	- mirror://gentoo/${BINDIST_PATCH_SET}
57	- https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
58	- )"
59	-
60	-LICENSE="openssl"
61	-SLOT="0/1.1" # .so version of libssl/libcrypto
62	-[[ "${PV}" = _pre ]] \|\| \
63	-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
64	-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
65	-RESTRICT="!bindist? ( bindist )
66	- !test? ( test )"
67	-
68	-RDEPEND=">=app-misc/c_rehash-1.7-r1
69	- zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
70	-DEPEND="${RDEPEND}"
71	-BDEPEND="
72	- >=dev-lang/perl-5
73	- sctp? ( >=net-misc/lksctp-tools-1.0.12 )
74	- test? (
75	- sys-apps/diffutils
76	- sys-devel/bc
77	- sys-process/procps
78	- )"
79	-PDEPEND="app-misc/ca-certificates"
80	-
81	-PATCHES=(
82	- "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
83	-)
84	-
85	-S="${WORKDIR}/${MY_P}"
86	-
87	-# force upgrade to prevent broken login, bug 696950
88	-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
89	-
90	-MULTILIB_WRAPPED_HEADERS=(
91	- usr/include/openssl/opensslconf.h
92	-)
93	-
94	-pkg_setup() {
95	- [[ ${MERGE_TYPE} == binary ]] && return
96	-
97	- # must check in pkg_setup; sysctl don't work with userpriv!
98	- if has test ${FEATURES} && use sctp; then
99	- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
100	- # if sctp.auth_enable is not enabled.
101	- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
102	- if [[ -z "${sctp_auth_status}" ]] \|\| [[ ${sctp_auth_status} != 1 ]]; then
103	- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
104	- fi
105	- fi
106	-}
107	-
108	-src_prepare() {
109	- # allow openssl to be cross-compiled
110	- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config \|\| die
111	- chmod a+rx gentoo.config \|\| die
112	-
113	- if use bindist; then
114	- mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" \|\| die
115	- bash "${WORKDIR}"/hobble-openssl \|\| die
116	-
117	- cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ \|\| die
118	- cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ \|\| die
119	-
120	- eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
121	-
122	- local known_failing_test
123	- for known_failing_test in \
124	- 30-test_evp_extra.t \
125	- 80-test_ssl_new.t \
126	- ; do
127	- ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
128	- rm test/recipes/${known_failing_test} \|\| die
129	- eend $?
130	- done
131	-
132	- # Also see the configure parts below:
133	- # enable-ec \
134	- # $(use_ssl !bindist ec2m) \
135	- fi
136	-
137	- # keep this in sync with app-misc/c_rehash
138	- SSL_CNF_DIR="/etc/ssl"
139	-
140	- # Make sure we only ever touch Makefile.org and avoid patching a file
141	- # that gets blown away anyways by the Configure script in src_configure
142	- rm -f Makefile
143	-
144	- if ! use vanilla ; then
145	- if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
146	- [[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
147	- fi
148	- fi
149	-
150	- eapply_user #332661
151	-
152	- if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
153	- ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
154	- rm test/recipes/80-test_ssl_new.t \|\| die
155	- eend $?
156	- fi
157	-
158	- # make sure the man pages are suffixed #302165
159	- # don't bother building man pages if they're disabled
160	- # Make DOCDIR Gentoo compliant
161	- sed -i \
162	- -e '/^MANSUFFIX/s:=.*:=ssl:' \
163	- -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
164	- -e $(has noman FEATURES \
165	- && echo '/^install:/s:install_docs::' \
166	- \|\| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
167	- -e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
168	- Configurations/unix-Makefile.tmpl \
169	- \|\| die
170	-
171	- # quiet out unknown driver argument warnings since openssl
172	- # doesn't have well-split CFLAGS and we're making it even worse
173	- # and 'make depend' uses -Werror for added fun (#417795 again)
174	- [[ ${CC} == clang ]] && append-flags -Qunused-arguments
175	-
176	- append-flags -fno-strict-aliasing
177	- append-flags $(test-flags-CC -Wa,--noexecstack)
178	- append-cppflags -DOPENSSL_NO_BUF_FREELISTS
179	-
180	- # Prefixify Configure shebang (#141906)
181	- sed \
182	- -e "1s,/usr/bin/env,${EPREFIX}&," \
183	- -i Configure \|\| die
184	- # Remove test target when FEATURES=test isn't set
185	- if ! use test ; then
186	- sed \
187	- -e '/^$config{dirs}/s@ "test",@@' \
188	- -i Configure \|\| die
189	- fi
190	- # The config script does stupid stuff to prompt the user. Kill it.
191	- sed -i '/stty -icanon min 0 time 50; read waste/d' config \|\| die
192	- ./config --test-sanity \|\| die "I AM NOT SANE"
193	-
194	- multilib_copy_sources
195	-}
196	-
197	-multilib_src_configure() {
198	- unset APPS #197996
199	- unset SCRIPTS #312551
200	- unset CROSS_COMPILE #311473
201	-
202	- tc-export CC AR RANLIB RC
203	-
204	- # Clean out patent-or-otherwise-encumbered code
205	- # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher)
206	- # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
207	- # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
208	- # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2
209	- # RC5: Expired https://en.wikipedia.org/wiki/RC5
210	-
211	- use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
212	- echoit() { echo "$@" ; "$@" ; }
213	-
214	- local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" \|\| echo "Heimdal")
215	-
216	- # See if our toolchain supports __uint128_t. If so, it's 64bit
217	- # friendly and can use the nicely optimized code paths. #460790
218	- local ec_nistp_64_gcc_128
219	- # Disable it for now though #469976
220	- #if ! use bindist ; then
221	- # echo "__uint128_t i;" > "${T}"/128.c
222	- # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
223	- # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
224	- # fi
225	- #fi
226	-
227	- local sslout=$(./gentoo.config)
228	- einfo "Use configuration ${sslout:-(openssl knows best)}"
229	- local config="Configure"
230	- [[ -z ${sslout} ]] && config="config"
231	-
232	- # Fedora hobbled-EC needs 'no-ec2m'
233	- # 'srp' was restricted until early 2017 as well.
234	- # "disable-deprecated" option breaks too many consumers.
235	- # Don't set it without thorough revdeps testing.
236	- # Make sure user flags don't get added yet to avoid duplicated
237	- # flags.
238	- CFLAGS= LDFLAGS= echoit \
239	- ./${config} \
240	- ${sslout} \
241	- $(use cpu_flags_x86_sse2 \|\| echo "no-sse2") \
242	- enable-camellia \
243	- enable-ec \
244	- $(use_ssl !bindist ec2m) \
245	- enable-srp \
246	- $(use elibc_musl && echo "no-async") \
247	- ${ec_nistp_64_gcc_128} \
248	- enable-idea \
249	- enable-mdc2 \
250	- enable-rc5 \
251	- $(use_ssl sslv3 ssl3) \
252	- $(use_ssl sslv3 ssl3-method) \
253	- $(use_ssl asm) \
254	- $(use_ssl rfc3779) \
255	- $(use_ssl sctp) \
256	- $(use_ssl tls-heartbeat heartbeats) \
257	- $(use_ssl zlib) \
258	- --prefix="${EPREFIX}"/usr \
259	- --openssldir="${EPREFIX}"${SSL_CNF_DIR} \
260	- --libdir=$(get_libdir) \
261	- shared threads \
262	- \|\| die
263	-
264	- # Clean out hardcoded flags that openssl uses
265	- local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile \| LC_ALL=C sed \
266	- -e 's:^CFLAGS=::' \
267	- -e 's:\(^\\| \)-fomit-frame-pointer::g' \
268	- -e 's:\(^\\| \)-O[^ ]*::g' \
269	- -e 's:\(^\\| \)-march=[^ ]*::g' \
270	- -e 's:\(^\\| \)-mcpu=[^ ]*::g' \
271	- -e 's:\(^\\| \)-m[^ ]*::g' \
272	- -e 's:^ *::' \
273	- -e 's: *$::' \
274	- -e 's: \+: :g' \
275	- -e 's:\\:\\\\:g'
276	- )
277	-
278	- # Now insert clean default flags with user flags
279	- sed -i \
280	- -e "/^CFLAGS=/s\|=.*\|=${DEFAULT_CFLAGS} ${CFLAGS}\|" \
281	- -e "/^LDFLAGS=/s\|=[[:space:]]*$\|=${LDFLAGS}\|" \
282	- Makefile \|\| die
283	-}
284	-
285	-multilib_src_compile() {
286	- # depend is needed to use $confopts; it also doesn't matter
287	- # that it's -j1 as the code itself serializes subdirs
288	- emake -j1 depend
289	- emake all
290	-}
291	-
292	-multilib_src_test() {
293	- emake -j1 test
294	-}
295	-
296	-multilib_src_install() {
297	- # We need to create $ED/usr on our own to avoid a race condition #665130
298	- if [[ ! -d "${ED}/usr" ]]; then
299	- # We can only create this directory once
300	- mkdir "${ED}"/usr \|\| die
301	- fi
302	-
303	- emake DESTDIR="${D}" install
304	-}
305	-
306	-multilib_src_install_all() {
307	- # openssl installs perl version of c_rehash by default, but
308	- # we provide a shell version via app-misc/c_rehash
309	- rm "${ED}"/usr/bin/c_rehash \|\| die
310	-
311	- dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
312	-
313	- # This is crappy in that the static archives are still built even
314	- # when USE=static-libs. But this is due to a failing in the openssl
315	- # build system: the static archives are built as PIC all the time.
316	- # Only way around this would be to manually configure+compile openssl
317	- # twice; once with shared lib support enabled and once without.
318	- use static-libs \|\| rm -f "${ED}"/usr/lib/lib.a
319	-
320	- # create the certs directory
321	- keepdir ${SSL_CNF_DIR}/certs
322	-
323	- # Namespace openssl programs to prevent conflicts with other man pages
324	- cd "${ED}"/usr/share/man \|\| die
325	- local m d s
326	- for m in $(find . -type f \| xargs grep -L '#include') ; do
327	- d=${m%/} ; d=${d#./} ; m=${m##/}
328	- [[ ${m} == openssl.1* ]] && continue
329	- [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
330	- mv ${d}/{,ssl-}${m}
331	- # fix up references to renamed man pages
332	- sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
333	- ln -s ssl-${m} ${d}/openssl-${m}
334	- # locate any symlinks that point to this man page ... we assume
335	- # that any broken links are due to the above renaming
336	- for s in $(find -L ${d} -type l) ; do
337	- s=${s##*/}
338	- rm -f ${d}/${s}
339	- # We don't want to "\|\| die" here
340	- ln -s ssl-${m} ${d}/ssl-${s}
341	- ln -s ssl-${s} ${d}/openssl-${s}
342	- done
343	- done
344	- [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
345	-
346	- dodir /etc/sandbox.d #254521
347	- echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
348	-
349	- diropts -m0700
350	- keepdir ${SSL_CNF_DIR}/private
351	-}
352	-
353	-pkg_postinst() {
354	- ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
355	- c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
356	- eend $?
357	-}

Gentoo Archives: gentoo-commits