1 |
commit: 9dff5c48772c2e43872211b98d7d11258fd37736 |
2 |
Author: Aisha Tammy <gentoo <AT> aisha <DOT> cc> |
3 |
AuthorDate: Thu Dec 23 14:49:03 2021 +0000 |
4 |
Commit: Aisha Tammy <gentoo <AT> aisha <DOT> cc> |
5 |
CommitDate: Thu Dec 23 14:49:03 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=9dff5c48 |
7 |
|
8 |
app-crypt/intel-ipsec-mb: fast multi-buffer crypto for ipsec |
9 |
|
10 |
Package-Manager: Portage-3.0.28, Repoman-3.0.3 |
11 |
Signed-off-by: Aisha Tammy <gentoo <AT> aisha.cc> |
12 |
|
13 |
app-crypt/intel-ipsec-mb/Manifest | 1 + |
14 |
.../intel-ipsec-mb-1.1_remove-werror-and-O3.patch | 122 +++++++++++++++++++++ |
15 |
app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild | 54 +++++++++ |
16 |
.../intel-ipsec-mb/intel-ipsec-mb-9999.ebuild | 54 +++++++++ |
17 |
app-crypt/intel-ipsec-mb/metadata.xml | 13 +++ |
18 |
5 files changed, 244 insertions(+) |
19 |
|
20 |
diff --git a/app-crypt/intel-ipsec-mb/Manifest b/app-crypt/intel-ipsec-mb/Manifest |
21 |
new file mode 100644 |
22 |
index 000000000..3120cdfa8 |
23 |
--- /dev/null |
24 |
+++ b/app-crypt/intel-ipsec-mb/Manifest |
25 |
@@ -0,0 +1 @@ |
26 |
+DIST intel-ipsec-mb-1.1.tar.gz 1227915 BLAKE2B 56d104c2bcebd4a8125d64362c14603b7005c8ef0978d4039da3128f06fbba7f469ac8df23e3315b9f3fe33c392804fd718a533edd34e4a545f767a1c2e2fd60 SHA512 aca5863d36b333c4c896549074242fb4c2c0a4d6598b27baa794944436527bdd6e1a5dbca9d39e0c3a89e61d7d175adcf5bf6c6cbdffd0a43bca1fea0be42ebe |
27 |
|
28 |
diff --git a/app-crypt/intel-ipsec-mb/files/intel-ipsec-mb-1.1_remove-werror-and-O3.patch b/app-crypt/intel-ipsec-mb/files/intel-ipsec-mb-1.1_remove-werror-and-O3.patch |
29 |
new file mode 100644 |
30 |
index 000000000..64868c264 |
31 |
--- /dev/null |
32 |
+++ b/app-crypt/intel-ipsec-mb/files/intel-ipsec-mb-1.1_remove-werror-and-O3.patch |
33 |
@@ -0,0 +1,122 @@ |
34 |
+diff --git a/lib/Makefile b/lib/Makefile |
35 |
+index 065d2c1..2bc3a03 100644 |
36 |
+--- a/lib/Makefile |
37 |
++++ b/lib/Makefile |
38 |
+@@ -112,10 +112,10 @@ YASM_INCLUDES := $(foreach i,$(ASM_INCLUDE_DIRS),-I $i) |
39 |
+ NASM_INCLUDES := $(foreach i,$(ASM_INCLUDE_DIRS),-I$i/) |
40 |
+ ifneq ($(MINGW),0) |
41 |
+ YASM_FLAGS := -f x64 -f win64 -X gnu -g dwarf2 -DWIN_ABI $(YASM_INCLUDES) |
42 |
+-NASM_FLAGS := -Werror -fwin64 -Xvc -gcv8 -DWIN_ABI $(NASM_INCLUDES) |
43 |
++NASM_FLAGS := -fwin64 -Xvc -gcv8 -DWIN_ABI $(NASM_INCLUDES) |
44 |
+ else |
45 |
+ YASM_FLAGS := -f x64 -f elf64 -X gnu -g dwarf2 -DLINUX -D__linux__ $(YASM_INCLUDES) |
46 |
+-NASM_FLAGS := -Werror -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ $(NASM_INCLUDES) |
47 |
++NASM_FLAGS := -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ $(NASM_INCLUDES) |
48 |
+ endif |
49 |
+ |
50 |
+ DEBUG_OPT ?= -O0 |
51 |
+@@ -153,7 +153,6 @@ endif |
52 |
+ |
53 |
+ # prevent SIMD optimizations for non-aesni modules |
54 |
+ CFLAGS_NO_SIMD = $(CFLAGS) -O1 |
55 |
+-CFLAGS += $(OPT) |
56 |
+ |
57 |
+ # Set generic architectural optimizations |
58 |
+ OPT_X86 := -msse4.2 |
59 |
+@@ -696,7 +695,7 @@ install: $(LIB_DIR)/$(LIBNAME) |
60 |
+ install -m 0444 $(MAN2) $(MAN_DIR) |
61 |
+ install -d $(LIB_INSTALL_DIR) |
62 |
+ ifeq ($(SHARED),y) |
63 |
+- install -s -m $(LIBPERM) $(LIB_DIR)/$(LIBNAME) $(LIB_INSTALL_DIR) |
64 |
++ install -m $(LIBPERM) $(LIB_DIR)/$(LIBNAME) $(LIB_INSTALL_DIR) |
65 |
+ else |
66 |
+ # must not strip symbol table for static libs |
67 |
+ install -m $(LIBPERM) $(LIB_DIR)/$(LIBNAME) $(LIB_INSTALL_DIR) |
68 |
+diff --git a/lib/win_x64.mak b/lib/win_x64.mak |
69 |
+index a71d715..c5f07dc 100644 |
70 |
+--- a/lib/win_x64.mak |
71 |
++++ b/lib/win_x64.mak |
72 |
+@@ -110,7 +110,7 @@ LINK_TOOL = link |
73 |
+ LINKFLAGS = $(DLFLAGS) /nologo /machine:X64 |
74 |
+ |
75 |
+ AS = nasm |
76 |
+-AFLAGS = $(DAFLAGS) -Werror -fwin64 -Xvc -DWIN_ABI -Iinclude/ \ |
77 |
++AFLAGS = $(DAFLAGS) -fwin64 -Xvc -DWIN_ABI -Iinclude/ \ |
78 |
+ -I./ -Iavx/ -Iavx2/ -Iavx512/ -Isse/ |
79 |
+ |
80 |
+ # dependency |
81 |
+diff --git a/perf/Makefile b/perf/Makefile |
82 |
+index 2f578fe..bdae07a 100644 |
83 |
+--- a/perf/Makefile |
84 |
++++ b/perf/Makefile |
85 |
+@@ -40,9 +40,9 @@ CFLAGS = -D_GNU_SOURCE -DNO_COMPAT_IMB_API_053 $(INCLUDES) \ |
86 |
+ |
87 |
+ ifeq ($(MINGW),0) |
88 |
+ CFLAGS += -DLINUX |
89 |
+-NASM_FLAGS := -Werror -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ |
90 |
++NASM_FLAGS := -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ |
91 |
+ else |
92 |
+-NASM_FLAGS := -Werror -fwin64 -Xvc -gcv8 -DWIN_ABI |
93 |
++NASM_FLAGS := -fwin64 -Xvc -gcv8 -DWIN_ABI |
94 |
+ endif |
95 |
+ |
96 |
+ # if "-z ibt" is supported then assume "-z shstk, -z cet-report=error" are also supported |
97 |
+@@ -57,7 +57,7 @@ CFLAGS += -fcf-protection=full |
98 |
+ endif |
99 |
+ |
100 |
+ ifeq ($(MINGW),0) |
101 |
+-LDFLAGS = -fPIE -z noexecstack -z relro -z now -pthread |
102 |
++LDFLAGS += -fPIE -z noexecstack -z relro -z now -pthread |
103 |
+ endif |
104 |
+ ifeq ($(CC_HAS_CET),1) |
105 |
+ LDFLAGS += -fcf-protection=full -Wl,-z,ibt -Wl,-z,shstk -Wl,-z,cet-report=error |
106 |
+diff --git a/perf/win_x64.mak b/perf/win_x64.mak |
107 |
+index a388ff5..71e5f24 100644 |
108 |
+--- a/perf/win_x64.mak |
109 |
++++ b/perf/win_x64.mak |
110 |
+@@ -68,7 +68,7 @@ LNK = link |
111 |
+ LFLAGS = /out:$(APP).exe $(DLFLAGS) |
112 |
+ |
113 |
+ AS = nasm |
114 |
+-AFLAGS = -Werror -fwin64 -Xvc -DWIN_ABI |
115 |
++AFLAGS = -fwin64 -Xvc -DWIN_ABI |
116 |
+ |
117 |
+ OBJECTS = ipsec_perf.obj msr.obj misc.obj |
118 |
+ |
119 |
+diff --git a/test/Makefile b/test/Makefile |
120 |
+index 93bae06..22fef57 100644 |
121 |
+--- a/test/Makefile |
122 |
++++ b/test/Makefile |
123 |
+@@ -60,15 +60,15 @@ endif |
124 |
+ YASM_FLAGS := -f x64 -f elf64 -X gnu -g dwarf2 -DLINUX -D__linux__ |
125 |
+ ifeq ($(MINGW),0) |
126 |
+ CFLAGS += -DLINUX |
127 |
+-NASM_FLAGS := -Werror -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ |
128 |
++NASM_FLAGS := -felf64 -Xgnu -gdwarf -DLINUX -D__linux__ |
129 |
+ else |
130 |
+-NASM_FLAGS := -Werror -fwin64 -Xvc -gcv8 -DWIN_ABI |
131 |
++NASM_FLAGS := -fwin64 -Xvc -gcv8 -DWIN_ABI |
132 |
+ endif |
133 |
+ |
134 |
+ ifeq ($(MINGW),0) |
135 |
+-LDFLAGS = -fPIE -z noexecstack -z relro -z now |
136 |
++LDFLAGS += -fPIE -z noexecstack -z relro -z now |
137 |
+ else |
138 |
+-LDFLAGS = -fPIE |
139 |
++LDFLAGS += -fPIE |
140 |
+ endif |
141 |
+ |
142 |
+ ifeq ($(CC_HAS_CET),1) |
143 |
+diff --git a/test/win_x64.mak b/test/win_x64.mak |
144 |
+index e28e6a7..2e564a7 100644 |
145 |
+--- a/test/win_x64.mak |
146 |
++++ b/test/win_x64.mak |
147 |
+@@ -67,7 +67,7 @@ TEST_LFLAGS = /out:$(TEST_APP).exe $(DLFLAGS) |
148 |
+ XVALID_LFLAGS = /out:$(XVALID_APP).exe $(DLFLAGS) |
149 |
+ |
150 |
+ AS = nasm |
151 |
+-AFLAGS = -Werror -fwin64 -Xvc -DWIN_ABI |
152 |
++AFLAGS = -fwin64 -Xvc -DWIN_ABI |
153 |
+ |
154 |
+ # dependency |
155 |
+ !ifndef DEPTOOL |
156 |
|
157 |
diff --git a/app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild |
158 |
new file mode 100644 |
159 |
index 000000000..7e0f4de90 |
160 |
--- /dev/null |
161 |
+++ b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-1.1.ebuild |
162 |
@@ -0,0 +1,54 @@ |
163 |
+# Copyright 2021 Gentoo Authors |
164 |
+# Distributed under the terms of the GNU General Public License v2 |
165 |
+ |
166 |
+EAPI=7 |
167 |
+ |
168 |
+inherit toolchain-funcs |
169 |
+ |
170 |
+DESCRIPTION="Multi-Buffer Crypto for IPSec from Intel" |
171 |
+HOMEPAGE="https://github.com/intel/intel-ipsec-mb" |
172 |
+ |
173 |
+if [[ ${PV} == 9999 ]]; then |
174 |
+ inherit git-r3 |
175 |
+ EGIT_REPO_URI="https://github.com/intel/intel-ipsec-mb.git" |
176 |
+else |
177 |
+ SRC_URI="https://github.com/intel/intel-ipsec-mb/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" |
178 |
+ KEYWORDS="~amd64" |
179 |
+fi |
180 |
+ |
181 |
+LICENSE="BSD" |
182 |
+SLOT="0" |
183 |
+IUSE="+safe-data +safe-lookup +safe-param test" |
184 |
+RESTRICT="!test? ( test )" |
185 |
+ |
186 |
+BDEPEND=" |
187 |
+ >=dev-lang/nasm-2.13.03 |
188 |
+" |
189 |
+ |
190 |
+PATCHES=( "${FILESDIR}/intel-ipsec-mb-1.1_remove-werror-and-O3.patch" ) |
191 |
+ |
192 |
+src_configure(){ |
193 |
+ tc-export CC LD AR |
194 |
+} |
195 |
+ |
196 |
+src_compile() { |
197 |
+ local myconf=( |
198 |
+ SAFE_DATA=$(usex safe-data y n) |
199 |
+ SAFE_LOOKUP=$(usex safe-lookup y n) |
200 |
+ SAFE_PARAM=$(usex safe-param y n) |
201 |
+ ) |
202 |
+ emake "${myconf[@]}" EXTRA_CFLAGS="${CFLAGS}" |
203 |
+} |
204 |
+ |
205 |
+src_install() { |
206 |
+ emake PREFIX="${ED}/usr" \ |
207 |
+ LIB_INSTALL_DIR="${ED}/usr/$(get_libdir)" \ |
208 |
+ MAN_DIR="${ED}/usr/share/man/man7" \ |
209 |
+ install |
210 |
+} |
211 |
+ |
212 |
+src_test() { |
213 |
+ cd "${S}/test" |
214 |
+ LD_LIBRARY_PATH=../lib ./ipsec_MB_testapp -v |
215 |
+ LD_LIBRARY_PATH=../lib ./ipsec_xvalid_test -v |
216 |
+} |
217 |
|
218 |
diff --git a/app-crypt/intel-ipsec-mb/intel-ipsec-mb-9999.ebuild b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-9999.ebuild |
219 |
new file mode 100644 |
220 |
index 000000000..7e0f4de90 |
221 |
--- /dev/null |
222 |
+++ b/app-crypt/intel-ipsec-mb/intel-ipsec-mb-9999.ebuild |
223 |
@@ -0,0 +1,54 @@ |
224 |
+# Copyright 2021 Gentoo Authors |
225 |
+# Distributed under the terms of the GNU General Public License v2 |
226 |
+ |
227 |
+EAPI=7 |
228 |
+ |
229 |
+inherit toolchain-funcs |
230 |
+ |
231 |
+DESCRIPTION="Multi-Buffer Crypto for IPSec from Intel" |
232 |
+HOMEPAGE="https://github.com/intel/intel-ipsec-mb" |
233 |
+ |
234 |
+if [[ ${PV} == 9999 ]]; then |
235 |
+ inherit git-r3 |
236 |
+ EGIT_REPO_URI="https://github.com/intel/intel-ipsec-mb.git" |
237 |
+else |
238 |
+ SRC_URI="https://github.com/intel/intel-ipsec-mb/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz" |
239 |
+ KEYWORDS="~amd64" |
240 |
+fi |
241 |
+ |
242 |
+LICENSE="BSD" |
243 |
+SLOT="0" |
244 |
+IUSE="+safe-data +safe-lookup +safe-param test" |
245 |
+RESTRICT="!test? ( test )" |
246 |
+ |
247 |
+BDEPEND=" |
248 |
+ >=dev-lang/nasm-2.13.03 |
249 |
+" |
250 |
+ |
251 |
+PATCHES=( "${FILESDIR}/intel-ipsec-mb-1.1_remove-werror-and-O3.patch" ) |
252 |
+ |
253 |
+src_configure(){ |
254 |
+ tc-export CC LD AR |
255 |
+} |
256 |
+ |
257 |
+src_compile() { |
258 |
+ local myconf=( |
259 |
+ SAFE_DATA=$(usex safe-data y n) |
260 |
+ SAFE_LOOKUP=$(usex safe-lookup y n) |
261 |
+ SAFE_PARAM=$(usex safe-param y n) |
262 |
+ ) |
263 |
+ emake "${myconf[@]}" EXTRA_CFLAGS="${CFLAGS}" |
264 |
+} |
265 |
+ |
266 |
+src_install() { |
267 |
+ emake PREFIX="${ED}/usr" \ |
268 |
+ LIB_INSTALL_DIR="${ED}/usr/$(get_libdir)" \ |
269 |
+ MAN_DIR="${ED}/usr/share/man/man7" \ |
270 |
+ install |
271 |
+} |
272 |
+ |
273 |
+src_test() { |
274 |
+ cd "${S}/test" |
275 |
+ LD_LIBRARY_PATH=../lib ./ipsec_MB_testapp -v |
276 |
+ LD_LIBRARY_PATH=../lib ./ipsec_xvalid_test -v |
277 |
+} |
278 |
|
279 |
diff --git a/app-crypt/intel-ipsec-mb/metadata.xml b/app-crypt/intel-ipsec-mb/metadata.xml |
280 |
new file mode 100644 |
281 |
index 000000000..515d9d259 |
282 |
--- /dev/null |
283 |
+++ b/app-crypt/intel-ipsec-mb/metadata.xml |
284 |
@@ -0,0 +1,13 @@ |
285 |
+<?xml version="1.0" encoding="UTF-8"?> |
286 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
287 |
+<pkgmetadata> |
288 |
+ <maintainer type="person"> |
289 |
+ <email>gentoo@×××××.cc</email> |
290 |
+ <name>Aisha Tammy</name> |
291 |
+ </maintainer> |
292 |
+ <use> |
293 |
+ <flag name="safe-data">sensitive information is cleared on completion of a function call</flag> |
294 |
+ <flag name="safe-lookup">lookups which depend on sensitive information are implemented with constant time functions</flag> |
295 |
+ <flag name="safe-param">input parameters are checked, looking generally for NULL pointers or an incorrect input length</flag> |
296 |
+ </use> |
297 |
+</pkgmetadata> |