mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-12-16 14:52:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

dev-libs/openssl: Sync with Gentoo's latest stable

Browse Source
This commit is contained in:
David Michael 2018-11-13 16:08:27 +00:00
parent 8e2fe3acc0
commit 24abd167b4
6 changed files with 384 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest vendored
View File

@ -1,2 +1,5 @@
DIST openssl-1.0.2-patches-1.4.tar.xz 12864 SHA256 281b3918e32a6db737365ddaafa5279dd14089b63d681570a72b704d10197d61 SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d WHIRLPOOL 4974556135febb4ab662547b7e6f87cff4787fdcd86efff5f6159dae7895528138ad75e7f7da038b25a063d787c2cc7af80be825e934b11355348e01bf7e79c3 DIST openssl-1.0.2-patches-1.6.tar.xz 16004 BLAKE2B 28c7e9a8c8b09a34aa6ed21dec18b04c1d6140276e319cfa99b63db5ae188ca7837c444e8352748ffc86e6df7676534aef2f28788e825ee8207c0f876efb5b7b SHA512 eac9bbbebd8d942707ef385ee466929045bb4698985f7a0fb16f529f2101a246735cc2e654bfbdaa8a178224bb5ac564478a7587e6156cfcbdfe62a719bfb0a3
DIST openssl-1.0.2o.tar.gz 5329472 SHA256 ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd WHIRLPOOL b50a3f1756e67842bf4ccc233453dd294cc6a43070b5852974119f73cd957917dd1ae0d308b633e460979a635b1f4395c52c20d31f39f73731cca982cf2c3484 DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e

6
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2 vendored
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Copyright 1999-2017 Gentoo Foundation # Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# #
# Openssl doesn't play along nicely with cross-compiling # Openssl doesn't play along nicely with cross-compiling
@ -81,8 +81,8 @@ chost_machine=${CHOST%%-*}
case ${system} in case ${system} in
linux) linux)
case ${chost_machine}:${ABI} in case ${chost_machine}:${ABI} in
aarch64*be*) machine="generic64 -DB_ENDIAN";; aarch64*be*) machine="aarch64 -DB_ENDIAN";;
aarch64*) machine="generic64 -DL_ENDIAN";; aarch64*) machine="aarch64 -DL_ENDIAN";;
alphaev56*|\ alphaev56*|\
alphaev[678]*)machine=alpha+bwx-${compiler};; alphaev[678]*)machine=alpha+bwx-${compiler};;
alpha*) machine=alpha-${compiler};; alpha*) machine=alpha-${compiler};;

283
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch vendored Normal file
View File

@ -0,0 +1,283 @@
Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
From https://src.fedoraproject.org/git/rpms/openssl.git
Contains parts of the following patches, rediffed. The patches are on various
different branches.
f23 openssl-1.0.2c-ecc-suiteb.patch
f23 openssl-1.0.2a-fips-ec.patch
f28 openssl-1.1.0-ec-curves.patch
Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
} else
# endif
# ifndef OPENSSL_NO_ECDSA
- if (strcmp(*argv, "ecdsap160") == 0)
- ecdsa_doit[R_EC_P160] = 2;
- else if (strcmp(*argv, "ecdsap192") == 0)
- ecdsa_doit[R_EC_P192] = 2;
+ if (0) {}
else if (strcmp(*argv, "ecdsap224") == 0)
ecdsa_doit[R_EC_P224] = 2;
else if (strcmp(*argv, "ecdsap256") == 0)
@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
ecdsa_doit[R_EC_P384] = 2;
else if (strcmp(*argv, "ecdsap521") == 0)
ecdsa_doit[R_EC_P521] = 2;
- else if (strcmp(*argv, "ecdsak163") == 0)
- ecdsa_doit[R_EC_K163] = 2;
- else if (strcmp(*argv, "ecdsak233") == 0)
- ecdsa_doit[R_EC_K233] = 2;
- else if (strcmp(*argv, "ecdsak283") == 0)
- ecdsa_doit[R_EC_K283] = 2;
- else if (strcmp(*argv, "ecdsak409") == 0)
- ecdsa_doit[R_EC_K409] = 2;
- else if (strcmp(*argv, "ecdsak571") == 0)
- ecdsa_doit[R_EC_K571] = 2;
- else if (strcmp(*argv, "ecdsab163") == 0)
- ecdsa_doit[R_EC_B163] = 2;
- else if (strcmp(*argv, "ecdsab233") == 0)
- ecdsa_doit[R_EC_B233] = 2;
- else if (strcmp(*argv, "ecdsab283") == 0)
- ecdsa_doit[R_EC_B283] = 2;
- else if (strcmp(*argv, "ecdsab409") == 0)
- ecdsa_doit[R_EC_B409] = 2;
- else if (strcmp(*argv, "ecdsab571") == 0)
- ecdsa_doit[R_EC_B571] = 2;
else if (strcmp(*argv, "ecdsa") == 0) {
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i < R_EC_P521; i++)
ecdsa_doit[i] = 1;
} else
# endif
# ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv, "ecdhp160") == 0)
- ecdh_doit[R_EC_P160] = 2;
- else if (strcmp(*argv, "ecdhp192") == 0)
- ecdh_doit[R_EC_P192] = 2;
+ if (0) {}
else if (strcmp(*argv, "ecdhp224") == 0)
ecdh_doit[R_EC_P224] = 2;
else if (strcmp(*argv, "ecdhp256") == 0)
@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
ecdh_doit[R_EC_P384] = 2;
else if (strcmp(*argv, "ecdhp521") == 0)
ecdh_doit[R_EC_P521] = 2;
- else if (strcmp(*argv, "ecdhk163") == 0)
- ecdh_doit[R_EC_K163] = 2;
- else if (strcmp(*argv, "ecdhk233") == 0)
- ecdh_doit[R_EC_K233] = 2;
- else if (strcmp(*argv, "ecdhk283") == 0)
- ecdh_doit[R_EC_K283] = 2;
- else if (strcmp(*argv, "ecdhk409") == 0)
- ecdh_doit[R_EC_K409] = 2;
- else if (strcmp(*argv, "ecdhk571") == 0)
- ecdh_doit[R_EC_K571] = 2;
- else if (strcmp(*argv, "ecdhb163") == 0)
- ecdh_doit[R_EC_B163] = 2;
- else if (strcmp(*argv, "ecdhb233") == 0)
- ecdh_doit[R_EC_B233] = 2;
- else if (strcmp(*argv, "ecdhb283") == 0)
- ecdh_doit[R_EC_B283] = 2;
- else if (strcmp(*argv, "ecdhb409") == 0)
- ecdh_doit[R_EC_B409] = 2;
- else if (strcmp(*argv, "ecdhb571") == 0)
- ecdh_doit[R_EC_B571] = 2;
else if (strcmp(*argv, "ecdh") == 0) {
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i <= R_EC_P521; i++)
ecdh_doit[i] = 1;
} else
# endif
@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
# endif
# ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
+ BIO_printf(bio_err, "ecdsap224 "
"ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err,
- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
- BIO_printf(bio_err,
- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
BIO_printf(bio_err, "ecdsa\n");
# endif
# ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
+ BIO_printf(bio_err, "ecdhp224 "
"ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err,
- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
- BIO_printf(bio_err,
- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
BIO_printf(bio_err, "ecdh\n");
# endif
@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 1;
# ifndef OPENSSL_NO_ECDSA
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i <= R_EC_P521; i++)
ecdsa_doit[i] = 1;
# endif
# ifndef OPENSSL_NO_ECDH
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i <= R_EC_P521; i++)
ecdh_doit[i] = 1;
# endif
}
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
return 0;
}
+ if (BN_num_bits(p) < 224) {
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+ return 0;
+ }
+
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
goto err;
/* NIST PRIME CURVES TESTS */
+# if 0
if (!test_ecdh_curve
(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
goto err;
if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
goto err;
+# endif
if (!test_ecdh_curve
(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
goto err;
@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
goto err;
# endif
+# if 0
if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
goto err;
if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
goto err;
if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
goto err;
-
+# endif
ret = 0;
err:
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -138,9 +138,12 @@ int restore_rand(void)
}
static int fbytes_counter = 0, use_fake = 0;
-static const char *numbers[8] = {
+static const char *numbers[10] = {
+ "651056770906015076056810763456358567190100156695615665659",
"651056770906015076056810763456358567190100156695615665659",
"6140507067065001063065065565667405560006161556565665656654",
+ "8763001015071075675010661307616710783570106710677817767166"
+ "71676178726717",
"8763001015071075675010661307616710783570106710677817767166"
"71676178726717",
"7000000175690566466555057817571571075705015757757057795755"
@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num)
use_fake = 0;
- if (fbytes_counter >= 8)
+ if (fbytes_counter >= 10)
return 0;
tmp = BN_new();
if (!tmp)
@@ -539,8 +542,10 @@ int main(void)
RAND_seed(rnd_seed, sizeof(rnd_seed));
/* the tests */
+# if 0
if (!x9_62_tests(out))
goto err;
+# endif
if (!test_builtin(out))
goto err;
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = {
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
0, 25, /* secp521r1 (25) */
- 0, 28, /* brainpool512r1 (28) */
- 0, 27, /* brainpoolP384r1 (27) */
0, 24, /* secp384r1 (24) */
- 0, 26, /* brainpoolP256r1 (26) */
0, 22, /* secp256k1 (22) */
# ifndef OPENSSL_NO_EC2M
/* >= 256-bit binary curves. */
@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = {
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
0, 25, /* secp521r1 (25) */
- 0, 28, /* brainpool512r1 (28) */
- 0, 27, /* brainpoolP384r1 (27) */
0, 24, /* secp384r1 (24) */
- 0, 26, /* brainpoolP256r1 (26) */
0, 22, /* secp256k1 (22) */
# ifndef OPENSSL_NO_EC2M
/* >= 256-bit binary curves. */
@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = {
* Remaining curves disabled by default but still permitted if set
* via an explicit callback or parameters.
*/
- 0, 20, /* secp224k1 (20) */
- 0, 21, /* secp224r1 (21) */
- 0, 18, /* secp192k1 (18) */
- 0, 19, /* secp192r1 (19) */
- 0, 15, /* secp160k1 (15) */
- 0, 16, /* secp160r1 (16) */
- 0, 17, /* secp160r2 (17) */
# ifndef OPENSSL_NO_EC2M
0, 8, /* sect239k1 (8) */
0, 6, /* sect233k1 (6) */
@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = {
0, 9, /* sect283k1 (9) */
0, 10, /* sect283r1 (10) */
# endif
- 0, 22, /* secp256k1 (22) */
0, 23, /* secp256r1 (23) */
# ifndef OPENSSL_NO_EC2M
0, 8, /* sect239k1 (8) */
0, 6, /* sect233k1 (6) */
0, 7, /* sect233r1 (7) */
# endif
- 0, 20, /* secp224k1 (20) */
- 0, 21, /* secp224r1 (21) */
# ifndef OPENSSL_NO_EC2M
0, 4, /* sect193r1 (4) */
0, 5, /* sect193r2 (5) */
# endif
- 0, 18, /* secp192k1 (18) */
- 0, 19, /* secp192r1 (19) */
# ifndef OPENSSL_NO_EC2M
0, 1, /* sect163k1 (1) */
0, 2, /* sect163r1 (2) */
0, 3, /* sect163r2 (3) */
# endif
- 0, 15, /* secp160k1 (15) */
- 0, 16, /* secp160r1 (16) */
- 0, 17, /* secp160r2 (17) */
};
# endif

3
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf vendored
View File

@ -1,3 +0,0 @@
d /etc/ssl - - - - -
d /etc/ssl/private 0700 - - - -
L /etc/ssl/openssl.cnf - - - - ../../usr/share/ssl/openssl.cnf

112
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild → sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2p-r1.ebuild vendored
View File

@ -1,23 +1,27 @@
# Copyright 1999-2018 Gentoo Foundation # Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI="6" EAPI="6"
inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal systemd inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
PATCH_SET="openssl-1.0.2-patches-1.4" PATCH_SET="openssl-1.0.2-patches-1.6"
MY_P=${P/_/-} MY_P=${P/_/-}
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="https://www.openssl.org/" HOMEPAGE="https://www.openssl.org/"
SRC_URI="mirror://openssl/source/${MY_P}.tar.gz SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
mirror://gentoo/${PATCH_SET}.tar.xz !vanilla? (
https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz mirror://gentoo/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz" https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
)"
LICENSE="openssl" LICENSE="openssl"
SLOT="0" SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux"
IUSE="+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )"
RDEPEND=">=app-misc/c_rehash-1.7-r1 RDEPEND=">=app-misc/c_rehash-1.7-r1
gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
@ -32,6 +36,28 @@ DEPEND="${RDEPEND}
)" )"
PDEPEND="app-misc/ca-certificates" PDEPEND="app-misc/ca-certificates"
# This does not copy the entire Fedora patchset, but JUST the parts that
# are needed to make it safe to use EC with RESTRICT=bindist.
# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
SOURCE1=hobble-openssl
SOURCE12=ec_curve.c
SOURCE13=ectest.c
# These are ported instead
#PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
#PATCH37=openssl-1.1.0-ec-curves.patch
FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
FEDORA_GIT_BRANCH='f25'
FEDORA_SRC_URI=()
FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
FEDORA_PATCH=( $PATCH1 $PATCH37 )
for i in "${FEDORA_SOURCE[@]}" ; do
FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
done
for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
done
SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
S="${WORKDIR}/${MY_P}" S="${WORKDIR}/${MY_P}"
MULTILIB_WRAPPED_HEADERS=( MULTILIB_WRAPPED_HEADERS=(
@ -39,6 +65,25 @@ MULTILIB_WRAPPED_HEADERS=(
) )
src_prepare() { src_prepare() {
if use bindist; then
# This just removes the prefix, and puts it into WORKDIR like the RPM.
for i in "${FEDORA_SOURCE[@]}" ; do
cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
done
# .spec %prep
bash "${WORKDIR}"/"${SOURCE1}" || die
cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/crypto/ec/ || die # Moves to test/ in OpenSSL-1.1
for i in "${FEDORA_PATCH[@]}" ; do
eapply "${DISTDIR}"/"${i}"
done
eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
# Also see the configure parts below:
# enable-ec \
# $(use_ssl !bindist ec2m) \
# $(use_ssl !bindist srp) \
fi
# keep this in sync with app-misc/c_rehash # keep this in sync with app-misc/c_rehash
SSL_CNF_DIR="/etc/ssl" SSL_CNF_DIR="/etc/ssl"
@ -61,7 +106,7 @@ src_prepare() {
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-e $(has noman FEATURES \ -e $(has noman FEATURES \
&& echo '/^install:/s:install_docs::' \ && echo '/^install:/s:install_docs::' \
|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ || echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
Makefile.org \ Makefile.org \
|| die || die
# show the actual commands in the log # show the actual commands in the log
@ -70,7 +115,8 @@ src_prepare() {
# since we're forcing $(CC) as makedep anyway, just fix # since we're forcing $(CC) as makedep anyway, just fix
# the conditional as always-on # the conditional as always-on
# helps clang (#417795), and versioned gcc (#499818) # helps clang (#417795), and versioned gcc (#499818)
sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die # this breaks build with 1.0.2p, not sure if it is needed anymore
#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
# quiet out unknown driver argument warnings since openssl # quiet out unknown driver argument warnings since openssl
# doesn't have well-split CFLAGS and we're making it even worse # doesn't have well-split CFLAGS and we're making it even worse
@ -85,7 +131,7 @@ src_prepare() {
append-flags $(test-flags-CC -Wa,--noexecstack) append-flags $(test-flags-CC -Wa,--noexecstack)
append-cppflags -DOPENSSL_NO_BUF_FREELISTS append-cppflags -DOPENSSL_NO_BUF_FREELISTS
sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 sed -i '1s,^:$,#!'${EPREFIX%/}'/usr/bin/perl,' Configure #141906
# The config script does stupid stuff to prompt the user. Kill it. # The config script does stupid stuff to prompt the user. Kill it.
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE" ./config --test-sanity || die "I AM NOT SANE"
@ -134,11 +180,15 @@ multilib_src_configure() {
local config="Configure" local config="Configure"
[[ -z ${sslout} ]] && config="config" [[ -z ${sslout} ]] && config="config"
# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
echoit \ echoit \
./${config} \ ./${config} \
${sslout} \ ${sslout} \
$(use cpu_flags_x86_sse2 || echo "no-sse2") \ $(use cpu_flags_x86_sse2 || echo "no-sse2") \
enable-camellia \ enable-camellia \
enable-ec \
$(use_ssl !bindist ec2m) \
$(use_ssl !bindist srp) \
${ec_nistp_64_gcc_128} \ ${ec_nistp_64_gcc_128} \
enable-idea \ enable-idea \
enable-mdc2 \ enable-mdc2 \
@ -153,8 +203,8 @@ multilib_src_configure() {
$(use_ssl sslv3 ssl3) \ $(use_ssl sslv3 ssl3) \
$(use_ssl tls-heartbeat heartbeats) \ $(use_ssl tls-heartbeat heartbeats) \
$(use_ssl zlib) \ $(use_ssl zlib) \
--prefix="${EPREFIX}"/usr \ --prefix="${EPREFIX%/}"/usr \
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \ --openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
--libdir=$(get_libdir) \ --libdir=$(get_libdir) \
shared threads \ shared threads \
|| die || die
@ -177,7 +227,7 @@ multilib_src_configure() {
multilib_src_compile() { multilib_src_compile() {
# depend is needed to use $confopts; it also doesn't matter # depend is needed to use $confopts; it also doesn't matter
# that it's -j1 as the code itself serializes subdirs # that it's -j1 as the code itself serializes subdirs
emake -j1 depend emake -j1 V=1 depend
emake all emake all
# rehash is needed to prep the certs/ dir; do this # rehash is needed to prep the certs/ dir; do this
# separately to avoid parallel build issues. # separately to avoid parallel build issues.
@ -189,13 +239,19 @@ multilib_src_test() {
} }
multilib_src_install() { multilib_src_install() {
emake INSTALL_PREFIX="${D}" install # We need to create $ED/usr on our own to avoid a race condition #665130
if [[ ! -d "${ED%/}/usr" ]]; then
# We can only create this directory once
mkdir "${ED%/}"/usr || die
fi
emake INSTALL_PREFIX="${D%/}" install
} }
multilib_src_install_all() { multilib_src_install_all() {
# openssl installs perl version of c_rehash by default, but # openssl installs perl version of c_rehash by default, but
# we provide a shell version via app-misc/c_rehash # we provide a shell version via app-misc/c_rehash
rm "${ED}"/usr/bin/c_rehash || die rm "${ED%/}"/usr/bin/c_rehash || die
local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el ) local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
einstalldocs einstalldocs
@ -209,6 +265,11 @@ multilib_src_install_all() {
# twice; once with shared lib support enabled and once without. # twice; once with shared lib support enabled and once without.
use static-libs || rm -f "${ED}"/usr/lib*/lib*.a use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
# create the certs directory
dodir ${SSL_CNF_DIR}/certs
cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
# Namespace openssl programs to prevent conflicts with other man pages # Namespace openssl programs to prevent conflicts with other man pages
cd "${ED}"/usr/share/man cd "${ED}"/usr/share/man
local m d s local m d s
@ -234,15 +295,12 @@ multilib_src_install_all() {
dodir /etc/sandbox.d #254521 dodir /etc/sandbox.d #254521
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
# Don't keep the sample CA files and their ilk in /etc. diropts -m0700
rm -r "${ED}"${SSL_CNF_DIR} keepdir ${SSL_CNF_DIR}/private
}
# Save the default openssl.cnf in /usr and link it into place.
dodir /usr/share/ssl pkg_postinst() {
insinto /usr/share/ssl ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
doins "${S}"/apps/openssl.cnf c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
systemd_dotmpfilesd "${FILESDIR}"/openssl.conf eend $?
# Package the tmpfiles.d setup for SDK bootstrapping.
systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf
} }

15
sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2o-r3 → sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2p-r1 vendored
View File

@ -1,14 +1,15 @@
DEFINED_PHASES=compile configure install prepare test DEFINED_PHASES=compile configure install postinst prepare test
DEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-apps/diffutils sys-devel/bc ) virtual/pkgconfig DEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-apps/diffutils sys-devel/bc )
DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS) DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
EAPI=6 EAPI=6
HOMEPAGE=https://www.openssl.org/ HOMEPAGE=https://www.openssl.org/
IUSE=+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64 IUSE=+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~x86-linux
LICENSE=openssl LICENSE=openssl
PDEPEND=app-misc/ca-certificates PDEPEND=app-misc/ca-certificates
RDEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) RDEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] )
RESTRICT=!bindist? ( bindist )
SLOT=0 SLOT=0
SRC_URI=mirror://openssl/source/openssl-1.0.2o.tar.gz mirror://gentoo/openssl-1.0.2-patches-1.4.tar.xz https://dev.gentoo.org/~whissi/dist/openssl/openssl-1.0.2-patches-1.4.tar.xz https://dev.gentoo.org/~polynomial-c/dist/openssl-1.0.2-patches-1.4.tar.xz SRC_URI=mirror://openssl/source/openssl-1.0.2p.tar.gz !vanilla? ( mirror://gentoo/openssl-1.0.2-patches-1.6.tar.xz https://dev.gentoo.org/~chutzpah/dist/openssl/openssl-1.0.2-patches-1.6.tar.xz https://dev.gentoo.org/~whissi/dist/openssl/openssl-1.0.2-patches-1.6.tar.xz https://dev.gentoo.org/~polynomial-c/dist/openssl-1.0.2-patches-1.6.tar.xz ) bindist? ( https://src.fedoraproject.org/cgit/rpms/openssl.git/plain//hobble-openssl?h=f25 -> openssl-1.0.2p_hobble-openssl https://src.fedoraproject.org/cgit/rpms/openssl.git/plain//ec_curve.c?h=f25 -> openssl-1.0.2p_ec_curve.c https://src.fedoraproject.org/cgit/rpms/openssl.git/plain//ectest.c?h=f25 -> openssl-1.0.2p_ectest.c )
_eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multibuild 40fe59465edacd730c644ec2bc197809 multilib b2f01ad412baf81650c23fcf0975fa33 multilib-build b42436dc1260f475af229754c165cb6b multilib-minimal 8bddda43703ba94d8341f4e247f97566 preserve-libs ef207dc62baddfddfd39a164d9797648 systemd 47c677ae1d7b69031f11f630ac09f0d1 toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf _eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 flag-o-matic 55aaa148741116aa54ad0d80e361818e ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multibuild 40fe59465edacd730c644ec2bc197809 multilib b2f01ad412baf81650c23fcf0975fa33 multilib-build b42436dc1260f475af229754c165cb6b multilib-minimal 8bddda43703ba94d8341f4e247f97566 preserve-libs ef207dc62baddfddfd39a164d9797648 toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf
_md5_=c4338c372eb9630fcc6925a997f43e77 _md5_=3284ff7ee6fffb6fc1211d91c96667f4