From 26b27b7ac5c20e0d623a6ac6d85a88837acb4ab1 Mon Sep 17 00:00:00 2001 From: Sayan Chowdhury Date: Fri, 26 Feb 2021 09:41:18 +0000 Subject: [PATCH] dev-libs/openssl: Apply Flatcar changes - Drop binddist from RESTRICT variable - Drop pkg_postinst - Create /etc/ssl with tmpfiles (and package it for the SDK). Signed-off-by: Sayan Chowdhury --- .../dev-libs/openssl/files/openssl.conf | 3 +++ .../dev-libs/openssl/openssl-1.1.1j.ebuild | 25 +++++++++---------- .../profiles/coreos/base/package.unmask | 2 +- 3 files changed, 16 insertions(+), 14 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf new file mode 100644 index 0000000000..ce86101ce7 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf @@ -0,0 +1,3 @@ +d /etc/ssl - - - - - +d /etc/ssl/private 0700 - - - - +L /etc/ssl/openssl.cnf - - - - ../../usr/share/ssl/openssl.cnf diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1j.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1j.ebuild index 2763945ae1..441d5d75d2 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1j.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1j.ebuild @@ -3,7 +3,7 @@ EAPI="7" -inherit flag-o-matic toolchain-funcs multilib multilib-minimal +inherit flag-o-matic toolchain-funcs multilib multilib-minimal systemd MY_P=${P/_/-} @@ -29,7 +29,7 @@ SLOT="0/1.1" # .so version of libssl/libcrypto [[ "${PV}" = *_pre* ]] || \ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux" IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist ) +RESTRICT=" !test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 @@ -47,7 +47,6 @@ PDEPEND="app-misc/ca-certificates" PATCHES=( "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 - "${FILESDIR}"/${PN}-1.1.1i-riscv32.patch ) S="${WORKDIR}/${MY_P}" @@ -286,9 +285,6 @@ multilib_src_install_all() { # twice; once with shared lib support enabled and once without. use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - # create the certs directory - keepdir ${SSL_CNF_DIR}/certs - # Namespace openssl programs to prevent conflicts with other man pages cd "${ED}"/usr/share/man || die local m d s @@ -315,12 +311,15 @@ multilib_src_install_all() { dodir /etc/sandbox.d #254521 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} + # Don't keep the sample CA files and their ilk in /etc. + rm -r "${ED}"${SSL_CNF_DIR} -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null - eend $? + # Save the default openssl.cnf in /usr and link it into place. + dodir /usr/share/ssl + insinto /usr/share/ssl + doins "${S}"/apps/openssl.cnf + systemd_dotmpfilesd "${FILESDIR}"/openssl.conf + + # Package the tmpfiles.d setup for SDK bootstrapping. + systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf } diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask index dda882338a..5751784c07 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask @@ -1,5 +1,5 @@ # Overwrite outdated portage-stable mask -=dev-libs/openssl-1.1.1g +=dev-libs/openssl-1.1.1j # Overwrite portage-stable mask - this package was removed in # gentoo. We still need it, since sys-libs/libsemanage still requires