1 change: 1 addition & 0 deletions dev-libs/openssl/Manifest
@@ -1,3 +1,4 @@
DIST openssl-1.1.1q.tar.gz 9864061 BLAKE2B fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 SHA512 cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f
DIST openssl-1.1.1w.tar.gz 10069702 BLAKE2B 56bd65314684cd6541f21d2ddaa7940dfe37c486b9d9197c2839b9dcc74fa8978e135c79f7ca548f761606e572cb15ab0b6eee6628446a6aff1d2161ba3d1f3c SHA512 9814bda4481e710241855a43785469fa14f81e0e12a56acf342ab24c0fa53551ee0818288acfbbb1b207282268220dc7c60b55c72698e8556a32d4be54d1f364
DIST openssl-3.0.19-a22063c.tar.gz 15421618 BLAKE2B feb0213556029e45197c5cd32cfd7d001b558cb1f63d9912426fe00fc5de139d18bedf33cd5881d8b826a04b13482e6cc891fcf36b3fa44d0fc48ba593863cc4 SHA512 c40ced33d0b48c73d0bff2957646716ed2084e1164ef2afd8b085fbc1897f3b58a38810321c335e5f7f49e0154b9235fe130e2959a8f81ede5a089743aa99403
DIST openssl-3.0.20-5aada9c.tar.gz 15431702 BLAKE2B 2372030a62ad65beec817f1a98ad0f1f855879117f7580ef4689cea452073c96f69297c0bd3c585931d4dcca92c7fac44b504c289037b535e2b15c4d23b3794f SHA512 59f2a08eb024ca4841902d7702d908399fd5e2eadce595989ac402d8e7d56caf179380430bfa60459bcb7d9e081dabe765bc55eefa0fb0af0b79b805074854e2
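--- a/dev-libs/openssl/openssl-3.0.20.ebuild
+++ b/dev-libs/openssl/openssl-3.0.20.ebuild
@@ -0,0 +1,175 @@
+# Distributed under the terms of the GNU General Public License v2
+# Autogen by MARK Devkit
+
+EAPI=7
+
+PRESERVE_LIB_FORCE=1
+inherit flag-o-matic toolchain-funcs preserve-libs
+
+DESCRIPTION="TLS/SSL and crypto library"
+HOMEPAGE="https://github.com/openssl/openssl"
+SRC_URI="https://api.github.com/repos/openssl/openssl/tarball/openssl-3.0.20 -> openssl-3.0.20-5aada9c.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0/${PVR}" # Funtoo change -- force more frequent rebuilds.
+KEYWORDS="*"
+# TODO: Add support for fips
+IUSE="+asm libc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs +tls-compression vanilla weak-ssl-ciphers"
+RESTRICT=""
+
+# app-misc/c_rehash is deprecated by https://bugs.funtoo.org/browse/FL-10434
+# openssl installs perl version of c_rehash by default
+# openssl also comes with its own C version of rehash, which is now preferred
+# See https://nvd.nist.gov/vuln/detail/CVE-2022-2068 for more details on c_rehash deprecation
+# Ensure we block app-misc/c_rehash for new openssl versions
+RDEPEND="
+!app-misc/c_rehash
+tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+>=dev-lang/perl-5
+sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+"
+PDEPEND="app-misc/ca-certificates"
+
+post_src_unpack() {
+mv openssl-openssl-* ${S}
+}
+
+src_prepare() {
+# Make sure we only ever touch Makefile.org and avoid patching a file
+# that gets blown away anyways by the Configure script in src_configure
+rm -f Makefile
+
+eapply_user #332661
+
+rm test/recipes/80-test_ssl_new.t || die
+rm test/recipes/30-test_afalg.t || die
+
+default
+}
+
+src_configure() {
+local _target _optflags
+SSL_CNF_DIR="/etc/ssl"
+
+[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+append-flags -fno-strict-aliasing
+append-flags $(test-flags-CC -Wa,--noexecstack)
+append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+unset APPS
+unset SCRIPTS
+unset CROSS_COMPILE
+
+tc-export AR CC CXX RANLIB RC
+
+use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+echoit() { echo "$@" ; "$@" ; }
+
+
+CARCH=${CHOST%%-*}
+case "$CARCH" in
+aarch64*) _target="linux-aarch64" ;;
+arm*) _target="linux-armv4" ;;
+mips64*) _target="linux64-mips64" ;;
+# explicit _optflags is needed to prevent automatic -mips3 addition
+mips*) _target="linux-mips32"; _optflags="-mips32" ;;
+ppc) _target="linux-ppc" ;;
+ppc64) _target="linux-ppc64" ;;
+ppc64le) _target="linux-ppc64le" ;;
+x86) _target="linux-elf" ;;
+x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
+s390x) _target="linux64-s390x";;
+riscv64) _target="linux64-riscv64";;
+loongarch64)_target="linux64-loongarch64";;
+*) die "Unable to determine architecture from (arch=$CARCH)" ;;
+esac
+
+CFLAGS= LDFLAGS= echoit \
+perl ./Configure \
+${_target} \
+--prefix="${EPREFIX}"/usr \
+--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+--libdir=$(get_libdir) \
+${_optflags} \
+$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+enable-camellia \
+enable-ec \
+enable-ec2m \
+enable-sm2 \
+enable-srp \
+$(use elibc_musl && echo "no-async") \
+enable-idea \
+enable-mdc2 \
+enable-rc5 \
+no-tests \
+$(use_ssl asm) \
+$(use_ssl rfc3779) \
+$(use_ssl sctp) \
+$(use_ssl tls-compression zlib) \
+$(use_ssl weak-ssl-ciphers) \
+shared threads \
+|| die
+
+perl configdata.pm --dump
+}
+
+src_compile() {
+# depend is needed to use $confopts; it also doesn't matter
+# that it's -j1 as the code itself serializes subdirs
+emake -j1 depend
+emake all
+}
+
+src_install() {
+# We need to create $ED/usr on our own to avoid a race condition #665130
+if [[ ! -d "${ED}/usr" ]]; then
+# We can only create this directory once
+mkdir "${ED}"/usr || die
+fi
+
+emake DESTDIR="${D}" install
+
+# This is crappy in that the static archives are still built even
+# when USE=static-libs. But this is due to a failing in the openssl
+# build system: the static archives are built as PIC all the time.
+# Only way around this would be to manually configure+compile openssl
+# twice; once with shared lib support enabled and once without.
+if ! use static-libs; then
+rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+fi
+
+dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+# create the certs directory
+keepdir ${SSL_CNF_DIR}/certs
+
+dodir /etc/sandbox.d #254521
+echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+diropts -m0700
+keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+# Force preseve of libssl.so.1.1 if prsent
+if [ -e /usr/$(get_libdir)/libssl$(get_libname 1.1) ] ; then
+preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+fi
+}
+
+pkg_postinst() {
+ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+eend $?
+
+if [ -e /usr/$(get_libdir)/libssl$(get_libname 1.1) ] ; then
+preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+fi
+}
+
+# vim: filetype=ebuild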
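Review bot: The `SRC_URI` in this new ebuild fetches a GitHub API tarball generated for the ref `openssl-3.0.20`, so the Manifest's BLAKE2B/SHA512 entry only pins whatever archive the autogen tooling downloaded and does not tie it to upstream's signed release. Since the archive is resolved by ref name at download time, the autogen step should check the tree against the signed release tarball or signed tag before the Manifest is written, and a comment above `SRC_URI` should record that, e.g. `# Manifest hash taken from the GitHub archive; checked against upstream's signed release by <verification step>`. Separately, `post_src_unpack` runs `mv openssl-openssl-* ${S}` unquoted and without `|| die`, so a failed or multi-match rename only surfaces in a later phase; `mv openssl-openssl-* "${S}" || die` stops the build at the point of failure. In `src_configure`, `enable-idea`, `enable-mdc2` and `enable-rc5` are passed unconditionally while `weak-ssl-ciphers` is behind a USE flag; a short comment stating why these legacy algorithms are always built would help the next reviewer.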