commit: 187bd7adbec88b8f6f75607bca811c645b20618d Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sat Aug 3 04:17:03 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sat Aug 3 05:07:19 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=187bd7ad
dev-libs/openssl: fix exec_prefix absence in pkg-config file Closes: https://bugs.gentoo.org/936576 Signed-off-by: Sam James <sam <AT> gentoo.org> .../files/openssl-3.3.1-pkg-config-deux.patch | 303 ++++++++++++++++++++ dev-libs/openssl/openssl-3.3.1-r2.ebuild | 309 +++++++++++++++++++++ 2 files changed, 612 insertions(+) diff --git a/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch b/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch new file mode 100644 index 000000000000..a5ad9987eb57 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch @@ -0,0 +1,303 @@ +https://github.com/openssl/openssl/pull/24687 +https://bugs.gentoo.org/936576 + +https://github.com/openssl/openssl/commit/aa099dba7c80c723cf4babf5adc0c801f1c28363 +https://github.com/openssl/openssl/commit/1c437b5704c9ee5f667bc2b11e5fdf176dfb714f + +From aa099dba7c80c723cf4babf5adc0c801f1c28363 Mon Sep 17 00:00:00 2001 +From: Richard Levitte <[email protected]> +Date: Thu, 20 Jun 2024 14:30:16 +0200 +Subject: [PATCH] Give util/mkinstallvars.pl more fine grained control over var + dependencies + +Essentially, we try to do what GNU does. 'prefix' is used to define the +defaults for 'exec_prefix' and 'libdir', and these are then used to define +further directory values. util/mkinstallvars.pl is changed to reflect that +to the best of our ability. + +Reviewed-by: Neil Horman <[email protected]> +Reviewed-by: Tomas Mraz <[email protected]> +(Merged from https://github.com/openssl/openssl/pull/24687) + +(cherry picked from commit 6e0fd246e7a6e51f92b2ef3520bfc4414b7773c0) +--- + exporters/build.info | 2 +- + util/mkinstallvars.pl | 133 ++++++++++++++++++++++++++---------------- + 2 files changed, 85 insertions(+), 50 deletions(-) + +diff --git a/exporters/build.info b/exporters/build.info +index 86acf2df9467c..9241dc9b0a658 100644 +--- a/exporters/build.info ++++ b/exporters/build.info +@@ -19,7 +19,7 @@ DEPEND[openssl.pc]=libcrypto.pc libssl.pc + DEPEND[""]=openssl.pc + + GENERATE[../installdata.pm]=../util/mkinstallvars.pl \ +- "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" \ ++ "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" "libdir=$(libdir)" \ + INCLUDEDIR=include APPLINKDIR=include/openssl \ + "ENGINESDIR=$(ENGINESDIR)" "MODULESDIR=$(MODULESDIR)" \ + "PKGCONFIGDIR=$(PKGCONFIGDIR)" "CMAKECONFIGDIR=$(CMAKECONFIGDIR)" \ +diff --git a/util/mkinstallvars.pl b/util/mkinstallvars.pl +index 59a432d28c601..5fadb708e1b77 100644 +--- a/util/mkinstallvars.pl ++++ b/util/mkinstallvars.pl +@@ -11,13 +11,25 @@ + # The result is a Perl module creating the package OpenSSL::safe::installdata. + + use File::Spec; ++use List::Util qw(pairs); + + # These are expected to be set up as absolute directories +-my @absolutes = qw(PREFIX); ++my @absolutes = qw(PREFIX libdir); + # These may be absolute directories, and if not, they are expected to be set up +-# as subdirectories to PREFIX +-my @subdirs = qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR ENGINESDIR MODULESDIR +- PKGCONFIGDIR CMAKECONFIGDIR); ++# as subdirectories to PREFIX or LIBDIR. The order of the pairs is important, ++# since the LIBDIR subdirectories depend on the calculation of LIBDIR from ++# PREFIX. ++my @subdirs = pairs (PREFIX => [ qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR) ], ++ LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR ++ CMAKECONFIGDIR) ]); ++# For completeness, other expected variables ++my @others = qw(VERSION LDLIBS); ++ ++my %all = ( ); ++foreach (@absolutes) { $all{$_} = 1 } ++foreach (@subdirs) { foreach (@{$_->[1]}) { $all{$_} = 1 } } ++foreach (@others) { $all{$_} = 1 } ++print STDERR "DEBUG: all keys: ", join(", ", sort keys %all), "\n"; + + my %keys = (); + foreach (@ARGV) { +@@ -26,29 +38,47 @@ + $ENV{$k} = $v; + } + +-foreach my $k (sort keys %keys) { +- my $v = $ENV{$k}; +- $v = File::Spec->rel2abs($v) if $v && grep { $k eq $_ } @absolutes; +- $ENV{$k} = $v; ++# warn if there are missing values, and also if there are unexpected values ++foreach my $k (sort keys %all) { ++ warn "No value given for $k\n" unless $keys{$k}; + } + foreach my $k (sort keys %keys) { ++ warn "Unknown variable $k\n" unless $all{$k}; ++} ++ ++# This shouldn't be needed, but just in case we get relative paths that ++# should be absolute, make sure they actually are. ++foreach my $k (@absolutes) { + my $v = $ENV{$k} || '.'; ++ print STDERR "DEBUG: $k = $v => "; ++ $v = File::Spec->rel2abs($v) if $v; ++ $ENV{$k} = $v; ++ print STDERR "$k = $ENV{$k}\n"; ++} + +- # Absolute paths for the subdir variables are computed. This provides +- # the usual form of values for names that have become norm, known as GNU +- # installation paths. +- # For the benefit of those that need it, the subdirectories are preserved +- # as they are, using the same variable names, suffixed with '_REL', if they +- # are indeed subdirectories. +- if (grep { $k eq $_ } @subdirs) { ++# Absolute paths for the subdir variables are computed. This provides ++# the usual form of values for names that have become norm, known as GNU ++# installation paths. ++# For the benefit of those that need it, the subdirectories are preserved ++# as they are, using the same variable names, suffixed with '_REL_{var}', ++# if they are indeed subdirectories. The '{var}' part of the name tells ++# which other variable value they are relative to. ++foreach my $pair (@subdirs) { ++ my ($var, $subdir_vars) = @$pair; ++ foreach my $k (@$subdir_vars) { ++ my $v = $ENV{$k} || '.'; ++ print STDERR "DEBUG: $k = $v => "; + if (File::Spec->file_name_is_absolute($v)) { +- $ENV{"${k}_REL"} = File::Spec->abs2rel($v, $ENV{PREFIX}); ++ my $kr = "${k}_REL_${var}"; ++ $ENV{$kr} = File::Spec->abs2rel($v, $ENV{$var}); ++ print STDERR "$kr = $ENV{$kr}\n"; + } else { +- $ENV{"${k}_REL"} = $v; +- $v = File::Spec->rel2abs($v, $ENV{PREFIX}); ++ my $kr = "${k}_REL_${var}"; ++ $ENV{$kr} = $v; ++ $ENV{$k} = File::Spec->rel2abs($v, $ENV{$var}); ++ print STDERR "$k = $ENV{$k} , $kr = $v\n"; + } + } +- $ENV{$k} = $v; + } + + print <<_____; +@@ -58,36 +88,41 @@ package OpenSSL::safe::installdata; + use warnings; + use Exporter; + our \@ISA = qw(Exporter); +-our \@EXPORT = qw(\$PREFIX +- \$BINDIR \$BINDIR_REL +- \$LIBDIR \$LIBDIR_REL +- \$INCLUDEDIR \$INCLUDEDIR_REL +- \$APPLINKDIR \$APPLINKDIR_REL +- \$ENGINESDIR \$ENGINESDIR_REL +- \$MODULESDIR \$MODULESDIR_REL +- \$PKGCONFIGDIR \$PKGCONFIGDIR_REL +- \$CMAKECONFIGDIR \$CMAKECONFIGDIR_REL +- \$VERSION \@LDLIBS); +- +-our \$PREFIX = '$ENV{PREFIX}'; +-our \$BINDIR = '$ENV{BINDIR}'; +-our \$BINDIR_REL = '$ENV{BINDIR_REL}'; +-our \$LIBDIR = '$ENV{LIBDIR}'; +-our \$LIBDIR_REL = '$ENV{LIBDIR_REL}'; +-our \$INCLUDEDIR = '$ENV{INCLUDEDIR}'; +-our \$INCLUDEDIR_REL = '$ENV{INCLUDEDIR_REL}'; +-our \$APPLINKDIR = '$ENV{APPLINKDIR}'; +-our \$APPLINKDIR_REL = '$ENV{APPLINKDIR_REL}'; +-our \$ENGINESDIR = '$ENV{ENGINESDIR}'; +-our \$ENGINESDIR_REL = '$ENV{ENGINESDIR_REL}'; +-our \$MODULESDIR = '$ENV{MODULESDIR}'; +-our \$MODULESDIR_REL = '$ENV{MODULESDIR_REL}'; +-our \$PKGCONFIGDIR = '$ENV{PKGCONFIGDIR}'; +-our \$PKGCONFIGDIR_REL = '$ENV{PKGCONFIGDIR_REL}'; +-our \$CMAKECONFIGDIR = '$ENV{CMAKECONFIGDIR}'; +-our \$CMAKECONFIGDIR_REL = '$ENV{CMAKECONFIGDIR_REL}'; +-our \$VERSION = '$ENV{VERSION}'; +-our \@LDLIBS = ++our \@EXPORT = qw( ++_____ ++ ++foreach my $k (@absolutes) { ++ print " \$$k\n"; ++} ++foreach my $pair (@subdirs) { ++ my ($var, $subdir_vars) = @$pair; ++ foreach my $k (@$subdir_vars) { ++ my $k2 = "${k}_REL_${var}"; ++ print " \$$k \$$k2\n"; ++ } ++} ++ ++print <<_____; ++ \$VERSION \@LDLIBS ++); ++ ++_____ ++ ++foreach my $k (@absolutes) { ++ print "our \$$k" . ' ' x (27 - length($k)) . "= '$ENV{$k}';\n"; ++} ++foreach my $pair (@subdirs) { ++ my ($var, $subdir_vars) = @$pair; ++ foreach my $k (@$subdir_vars) { ++ my $k2 = "${k}_REL_${var}"; ++ print "our \$$k" . ' ' x (27 - length($k)) . "= '$ENV{$k}';\n"; ++ print "our \$$k2" . ' ' x (27 - length($k2)) . "= '$ENV{$k2}';\n"; ++ } ++} ++ ++print <<_____; ++our \$VERSION = '$ENV{VERSION}'; ++our \@LDLIBS = + # Unix and Windows use space separation, VMS uses comma separation + split(/ +| *, */, '$ENV{LDLIBS}'); + + +From 1c437b5704c9ee5f667bc2b11e5fdf176dfb714f Mon Sep 17 00:00:00 2001 +From: Richard Levitte <[email protected]> +Date: Thu, 20 Jun 2024 14:33:15 +0200 +Subject: [PATCH] Adapt all the exporter files to the new vars from + util/mkinstallvars.pl + +With this, the pkg-config files take better advantage of relative directory +values. + +Fixes #24298 + +Reviewed-by: Neil Horman <[email protected]> +Reviewed-by: Tomas Mraz <[email protected]> +(Merged from https://github.com/openssl/openssl/pull/24687) + +(cherry picked from commit 30dc37d798a0428fd477d3763086e7e97b3d596f) +--- + exporters/cmake/OpenSSLConfig.cmake.in | 7 ++++--- + exporters/pkg-config/libcrypto.pc.in | 12 ++++++++---- + exporters/pkg-config/libssl.pc.in | 8 ++++++-- + exporters/pkg-config/openssl.pc.in | 8 ++++++-- + 4 files changed, 24 insertions(+), 11 deletions(-) + +diff --git a/exporters/cmake/OpenSSLConfig.cmake.in b/exporters/cmake/OpenSSLConfig.cmake.in +index 2d2321931de1d..06f796158b2fa 100644 +--- a/exporters/cmake/OpenSSLConfig.cmake.in ++++ b/exporters/cmake/OpenSSLConfig.cmake.in +@@ -89,9 +89,10 @@ unset(_ossl_undefined_targets) + # Set up the import path, so all other import paths are made relative this file + get_filename_component(_ossl_prefix "${CMAKE_CURRENT_LIST_FILE}" PATH) + {- +- # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR_REL, have CMake +- # out the parent directory. +- my $d = unixify($OpenSSL::safe::installdata::CMAKECONFIGDIR_REL); ++ # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR relative to ++ # $OpenSSL::safe::installdata::PREFIX, have CMake figure out the parent directory. ++ my $d = join('/', unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX), ++ unixify($OpenSSL::safe::installdata::CMAKECONFIGDIR_REL_LIBDIR)); + $OUT = ''; + $OUT .= 'get_filename_component(_ossl_prefix "${_ossl_prefix}" PATH)' . "\n" + foreach (split '/', $d); +diff --git a/exporters/pkg-config/libcrypto.pc.in b/exporters/pkg-config/libcrypto.pc.in +index 14ed339f3c3a0..fbc8ea4c79b06 100644 +--- a/exporters/pkg-config/libcrypto.pc.in ++++ b/exporters/pkg-config/libcrypto.pc.in +@@ -1,7 +1,11 @@ +-libdir={- $OpenSSL::safe::installdata::LIBDIR -} +-includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} +-enginesdir={- $OpenSSL::safe::installdata::ENGINESDIR -} +-modulesdir={- $OpenSSL::safe::installdata::MODULESDIR -} ++prefix={- $OpenSSL::safe::installdata::PREFIX -} ++exec_prefix=${prefix} ++libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ : $OpenSSL::safe::installdata::libdir -} ++includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -} ++enginesdir=${libdir}/{- $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR -} ++modulesdir=${libdir}/{- $OpenSSL::safe::installdata::MODULESDIR_REL_LIBDIR -} + + Name: OpenSSL-libcrypto + Description: OpenSSL cryptography library +diff --git a/exporters/pkg-config/libssl.pc.in b/exporters/pkg-config/libssl.pc.in +index a7828b3cc6a49..963538807bb2b 100644 +--- a/exporters/pkg-config/libssl.pc.in ++++ b/exporters/pkg-config/libssl.pc.in +@@ -1,5 +1,9 @@ +-libdir={- $OpenSSL::safe::installdata::LIBDIR -} +-includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} ++prefix={- $OpenSSL::safe::installdata::PREFIX -} ++exec_prefix=${prefix} ++libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ : $OpenSSL::safe::installdata::libdir -} ++includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -} + + Name: OpenSSL-libssl + Description: Secure Sockets Layer and cryptography libraries +diff --git a/exporters/pkg-config/openssl.pc.in b/exporters/pkg-config/openssl.pc.in +index dbb77aa39add2..225bef9e2384d 100644 +--- a/exporters/pkg-config/openssl.pc.in ++++ b/exporters/pkg-config/openssl.pc.in +@@ -1,5 +1,9 @@ +-libdir={- $OpenSSL::safe::installdata::LIBDIR -} +-includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -} ++prefix={- $OpenSSL::safe::installdata::PREFIX -} ++exec_prefix=${prefix} ++libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX ++ : $OpenSSL::safe::installdata::libdir -} ++includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -} + + Name: OpenSSL + Description: Secure Sockets Layer and cryptography libraries and tools diff --git a/dev-libs/openssl/openssl-3.3.1-r2.ebuild b/dev-libs/openssl/openssl-3.3.1-r2.ebuild new file mode 100644 index 000000000000..a321e0cf5cc8 --- /dev/null +++ b/dev-libs/openssl/openssl-3.3.1-r2.ebuild @@ -0,0 +1,309 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic linux-info toolchain-funcs +inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig + +DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" +HOMEPAGE="https://openssl-library.org/"; + +MY_P=${P/_/-} + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openssl/openssl.git"; + + inherit git-r3 +else + SRC_URI=" + https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz + verify-sig? ( + https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc + ) + " + + if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then + KEYWORDS="~amd64 ~arm ~m68k ~mips ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" + fi +fi + +S="${WORKDIR}"/${MY_P} + +LICENSE="Apache-2.0" +SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto +IUSE="+asm cpu_flags_x86_sse2 fips ktls +quic rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + !<net-misc/openssh-9.2_p1-r3 + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + app-alternatives/bc + sys-process/procps + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240424 ) +" +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND}" +PDEPEND="app-misc/ca-certificates" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/openssl/configuration.h +) + +PATCHES=( + # bug 936311, drop on next version bump + "${FILESDIR}"/${P}-riscv.patch + # https://bugs.gentoo.org/936793 + "${FILESDIR}"/openssl-3.3.1-pkg-config.patch + # https://bugs.gentoo.org/936576 + "${FILESDIR}"/openssl-3.3.1-pkg-config-deux.patch +) + +pkg_setup() { + if use ktls ; then + if kernel_is -lt 4 18 ; then + ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" + else + CONFIG_CHECK="~TLS ~TLS_DEVICE" + ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" + ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" + use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" + + linux-info_pkg_setup + fi + fi + + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp ; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile || die + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES} ; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/12247 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #895308 -- check inserts GNU ld-compatible arguments + [[ ${CHOST} == *-darwin* ]] || append-atomic-flags + # Configure doesn't respect LIBS + export LDLIBS="${LIBS}" + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Using configuration: ${sslout:-(openssl knows best)}" + + # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features + local myeconfargs=( + ${sslout} + + $(multilib_is_native_abi || echo "no-docs") + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + enable-idea + enable-mdc2 + enable-rc5 + $(use fips && echo "enable-fips") + $(use quic && echo "enable-quic") + $(use_ssl asm) + $(use_ssl ktls) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo perl "${S}/Configure" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake build_sw +} + +multilib_src_test() { + # See https://github.com/openssl/openssl/blob/master/test/README.md for options. + # + # VFP = show subtests verbosely and show failed tests verbosely + # Normal V=1 would show everything verbosely but this slows things down. + # + # -j1 here for https://github.com/openssl/openssl/issues/21999, but it + # shouldn't matter as tests were already built earlier, and HARNESS_JOBS + # controls running the tests. + emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test +} + +multilib_src_install() { + # Only -j1 is supported for the install targets: + # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 + emake DESTDIR="${D}" -j1 install_sw + if use fips; then + emake DESTDIR="${D}" -j1 install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die + fi + + if multilib_is_native_abi; then + emake DESTDIR="${D}" -j1 install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs ; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi + + preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ + /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? + + preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ + /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) +}
