net-libs/gnutls: Sync with Gentoo

It's from Gentoo commit 71dd0961b35263fb829a03763cd07f8df9a4cd70.
2025-09-24 23:21:17 +02:00 · 2024-04-22 07:15:12 +00:00 · 2024-04-22 07:15:12 +00:00 · 4923b4b318
commit 4923b4b318
parent a7d48a0e19
3 changed files with 151 additions and 46 deletions
--- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest
+++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/Manifest
@ -6,3 +6,5 @@ DIST gnutls-3.8.0.tar.xz 6378480 BLAKE2B 64784e9c0ac4dcab2c9e90d7d17d0bd8a002122
 DIST gnutls-3.8.0.tar.xz.sig 684 BLAKE2B c5dbed12b8233ed8502dac16b77d6043591296f4b9ddb0445271e8fe875c2a05b9663ad6523cca6355faaa9d244cc6e6fb8ff0d65fee47b36ab6b57f57d89f64 SHA512 9db8db74aa0ebd871287b07b6a8a9f4ce90188633618e669fe07cb8bb314b624c14761f6fe1970e2fbffa87f7c0d6daa4b0fa838bd05f74b8b18cd1b5325c654
 DIST gnutls-3.8.3.tar.xz 6463720 BLAKE2B 27a4bb4d8a5697e2187113351b2ad1e849bca7bcfb556c1b54fc2d02bef16e2789e7c437ac8db8fe6d2bcfc0e3e3467bbff2dd5d2fc0adb9bf8bda81cb89e452 SHA512 74eddba01ce4c2ffdca781c85db3bb52c85f1db3c09813ee2b8ceea0608f92ca3912fd9266f55deb36a8ba4d01802895ca5d5d219e7d9caec45e1a8534e45a84
 DIST gnutls-3.8.3.tar.xz.sig 580 BLAKE2B 25875eb17d9e59bf1f1b6a61dfc7657d838ac154dbb3e26c8df1995884077878ca607de62a8ce3b9287df1ea7ff523c0abc7c4548f1ca789c308eb6bda0edbaa SHA512 5b2ca0648ca5feeda1de933de2bbaf71fadb70e830a8f0d494d2f0380b6d0d7b79445257cc79e59bba1a7ff639ab4573da3e3e124eb80c20ac6141e29a4827ff
+DIST gnutls-3.8.5.tar.xz 6491504 BLAKE2B 30ea0e213b426df896af7cddfc39a7c50fd3130f99ced8386dc55e851122a37f6171722d2cb4abb68b9d2523cd3ba044b01248d740571a3bdd0cadf555894cdf SHA512 4bac1aa7ec1dce9b3445cc515cc287a5af032d34c207399aa9722e3dc53ed652f8a57cfbc9c5e40ccc4a2631245d89ab676e3ba2be9563f60ba855aaacb8e23c
+DIST gnutls-3.8.5.tar.xz.sig 119 BLAKE2B 62ff7b33fb80422774f8252f574560679b7dc4fa56fa680a4cf570320fa9692aa6f8b6a7e4683a684572287cfd22168f58679d2dc4cc507dc50269ed126990fd SHA512 b0f7a8ec348765112cac75fd732e066adaa1595bb83024cfeff6633aba35277d8aceda145c733c3d95f1e0eb4d34fead2479abdb08d6041362094a235460fa67
--- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.1-fix-gnutls-header.patch
+++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/files/gnutls-3.8.1-fix-gnutls-header.patch
@ -1,46 +0,0 @@
-https://bugs.gentoo.org/911872
-https://gitlab.com/gnutls/gnutls/-/commit/abfa8634db940115a11a07596ce53c8f9c4f87d2
-
-From abfa8634db940115a11a07596ce53c8f9c4f87d2 Mon Sep 17 00:00:00 2001
-From: Adrian Bunk <bunk@debian.org>
-Date: Sun, 6 Aug 2023 22:46:22 +0300
-Subject: [PATCH] Move the GNUTLS_NO_EXTENSIONS compatibility #define to
- gnutls.h
-
-Signed-off-by: Adrian Bunk <bunk@debian.org>
--- a/lib/ext/ext_master_secret.h
-+++ b/lib/ext/ext_master_secret.h
-@@ -23,9 +23,6 @@
- #ifndef GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
- #define GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
- 
-/* Keep backward compatibility */
-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
-
- #include <hello_ext.h>
- 
- extern const hello_ext_entry_st ext_mod_ext_master_secret;
--- a/lib/includes/gnutls/gnutls.h.in
-+++ b/lib/includes/gnutls/gnutls.h.in
-@@ -542,6 +542,9 @@ typedef enum {
- #define GNUTLS_ENABLE_CERT_TYPE_NEG 0
- // Here for compatibility reasons
- 
-+/* Keep backward compatibility */
-+#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
-+
- /**
-  * gnutls_alert_level_t:
-  * @GNUTLS_AL_WARNING: Alert of warning severity.
--- a/lib/state.h
-+++ b/lib/state.h
-@@ -110,7 +110,4 @@ inline static int _gnutls_PRF(gnutls_session_t session, const uint8_t *secret,
- 
- #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
- 
-/* Keep backward compatibility */
-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
-
- #endif /* GNUTLS_LIB_STATE_H */
-- 
-GitLab
--- a/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/net-libs/gnutls/gnutls-3.8.5.ebuild
@ -0,0 +1,149 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnutls.asc
+inherit libtool multilib-minimal verify-sig
+
+DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
+HOMEPAGE="https://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
+
+LICENSE="GPL-3 LGPL-2.1+"
+# As of 3.8.0, the C++ library is header-only, but we won't drop the subslot
+# component for it until libgnutls.so breaks ABI, to avoid pointless rebuilds.
+# Subslot format:
+# <libgnutls.so number>.<libgnutlsxx.so number>
+SLOT="0/30.30"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="brotli +cxx dane doc examples +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools zlib zstd"
+REQUIRED_USE="test-full? ( cxx dane doc examples idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	>=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+	brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
+	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
+	zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+	zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		seccomp? ( sys-libs/libseccomp )
+	)
+"
+BDEPEND="
+	dev-build/gtk-doc-am
+	>=virtual/pkgconfig-0-r1
+	doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+	test-full? (
+		app-crypt/dieharder
+		|| ( sys-libs/libfaketime >=app-misc/datefudge-1.22 )
+		dev-libs/softhsm:2[-bindist(-)]
+		net-dialup/ppp
+		net-misc/socat
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20240415 )
+"
+
+DOCS=( README.md doc/certtool.cfg )
+
+HTML_DOCS=()
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	# gnulib FPs
+	MIN
+	alignof
+	static_assert
+)
+
+src_prepare() {
+	default
+
+	# bug #520818
+	export TZ=UTC
+
+	use doc && HTML_DOCS+=( doc/gnutls.html )
+
+	# don't try to use system certificate store on macOS, it is
+	# confusingly ignoring our ca-certificates and more importantly
+	# fails to compile in certain configurations
+	sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	local libconf=()
+
+	# TPM needs to be tested before being enabled
+	# Note that this may add a libltdl dep when enabled. Check configure.ac.
+	libconf+=(
+		--without-tpm
+		--without-tpm2
+	)
+
+	# hardware-accel is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	# -fanalyzer substantially slows down the build and isn't useful for
+	# us. It's useful for upstream as it's static analysis, but it's not
+	# useful when just getting something built.
+	export gl_cv_warn_c__fanalyzer=no
+
+	local myeconfargs=(
+		--disable-valgrind-tests
+		$(multilib_native_enable manpages)
+		$(multilib_native_use_enable doc gtk-doc)
+		$(multilib_native_use_enable doc)
+		$(multilib_native_use_enable seccomp seccomp-tests)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test-full full-test-suite)
+		$(multilib_native_use_enable tools)
+		$(use_enable cxx)
+		$(use_enable dane libdane)
+		$(use_enable nls)
+		$(use_enable openssl openssl-compatibility)
+		$(use_enable sslv2 ssl2-support)
+		$(use_enable sslv3 ssl3-support)
+		$(use_enable static-libs static)
+		$(use_enable tls-heartbeat heartbeat-support)
+		$(use_with brotli)
+		$(use_with idn)
+		$(use_with pkcs11 p11-kit)
+		$(use_with zlib)
+		$(use_with zstd)
+		--disable-rpath
+		--with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+		--with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
+		--without-included-libtasn1
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}