diff --git a/sdk_container/src/third_party/portage-stable/eclass/ssl-cert.eclass b/sdk_container/src/third_party/portage-stable/eclass/ssl-cert.eclass index 240f9f12cc..bc1e3ab9db 100644 --- a/sdk_container/src/third_party/portage-stable/eclass/ssl-cert.eclass +++ b/sdk_container/src/third_party/portage-stable/eclass/ssl-cert.eclass @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: ssl-cert.eclass @@ -22,6 +22,8 @@ esac if [[ -z ${_SSL_CERT_ECLASS} ]]; then _SSL_CERT_ECLASS=1 +inherit edo + # @ECLASS_VARIABLE: SSL_CERT_MANDATORY # @PRE_INHERIT # @DESCRIPTION: @@ -42,10 +44,16 @@ _SSL_CERT_ECLASS=1 if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then if [[ "${SSL_CERT_MANDATORY}" == "0" ]]; then - BDEPEND="${SSL_CERT_USE}? ( dev-libs/openssl )" + RDEPEND="${SSL_CERT_USE}? ( dev-libs/openssl )" + if [[ ${EAPI} != 7 ]]; then + IDEPEND="${SSL_CERT_USE}? ( dev-libs/openssl )" + fi IUSE="${SSL_CERT_USE}" else - BDEPEND="dev-libs/openssl" + RDEPEND="dev-libs/openssl" + if [[ ${EAPI} != 7 ]]; then + IDEPEND="dev-libs/openssl" + fi fi fi @@ -61,9 +69,6 @@ gen_cnf() { SSL_CONF="${T}/${$}ssl.cnf" # Location of the CA serial file SSL_SERIAL="${T}/${$}ca.ser" - # Location of some random files OpenSSL can use: don't use - # /dev/u?random here -- doesn't work properly on all platforms - SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf" # These can be overridden in the ebuild SSL_DAYS="${SSL_DAYS:-730}" @@ -125,11 +130,8 @@ get_base() { # gen_key() { local base=$(get_base "$1") - ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}" - openssl genrsa -rand "${SSL_RANDOM}" \ - -out "${base}.key" "${SSL_BITS}" &> /dev/null - eend $? - + nonfatal edob -m "Generating ${SSL_BITS} bit RSA key${1:+ for CA}" \ + openssl genrsa -out "${base}.key" "${SSL_BITS}" return $? } @@ -142,11 +144,9 @@ gen_key() { # gen_csr() { local base=$(get_base "$1") - ebegin "Generating Certificate Signing Request${1:+ for CA}" - openssl req -config "${SSL_CONF}" -new \ - -key "${base}.key" -out "${base}.csr" &>/dev/null - eend $? - + nonfatal edob -m "Generating Certificate Signing Request${1:+ for CA}" \ + openssl req -config "${SSL_CONF}" -new \ + -key "${base}.key" -out "${base}.csr" return $? } @@ -162,21 +162,19 @@ gen_csr() { gen_crt() { local base=$(get_base "$1") if [ "${1}" ] ; then - ebegin "Generating self-signed X.509 Certificate for CA" - openssl x509 -extfile "${SSL_CONF}" \ - -${SSL_MD} \ - -days ${SSL_DAYS} -req -signkey "${base}.key" \ - -in "${base}.csr" -out "${base}.crt" &>/dev/null + nonfatal edob -m "Generating self-signed X.509 Certificate for CA" \ + openssl x509 -extfile "${SSL_CONF}" \ + -${SSL_MD} \ + -days ${SSL_DAYS} -req -signkey "${base}.key" \ + -in "${base}.csr" -out "${base}.crt" else local ca=$(get_base 1) - ebegin "Generating authority-signed X.509 Certificate" - openssl x509 -extfile "${SSL_CONF}" \ - -days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \ - -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \ - -in "${base}.csr" -out "${base}.crt" &>/dev/null + nonfatal edob -m "Generating authority-signed X.509 Certificate" \ + openssl x509 -extfile "${SSL_CONF}" \ + -days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \ + -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \ + -in "${base}.csr" -out "${base}.crt" fi - eend $? - return $? } @@ -212,9 +210,8 @@ install_cert() { fi case ${EBUILD_PHASE} in - unpack|prepare|configure|compile|test|install) - die "install_cert cannot be called in ${EBUILD_PHASE}" - ;; + config|preinst|postinst) ;; + *) die "install_cert cannot be called in ${EBUILD_PHASE}" ;; esac # Generate a CA environment #164601