From 67f331a8f9fd883bc842146a36c5f91c46a5a43a Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Wed, 16 Mar 2022 10:40:40 +0100 Subject: [PATCH] dev-libs/openssl: Apply Flatcar modifications - remove unecessary files - drop `pkg_postint` - create `/etc/ssl` with tmpfiles - mark openssl as stable for arm64 and amd64 - continue shipping app-misc/c_rehash Signed-off-by: Mathieu Tortuyaux Signed-off-by: Dongsu Park --- .../dev-libs/openssl/files/openssl.conf | 3 ++ .../dev-libs/openssl/openssl-3.0.9.ebuild | 30 +++++++++++-------- 2 files changed, 21 insertions(+), 12 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf new file mode 100644 index 0000000000..d8788d2929 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf @@ -0,0 +1,3 @@ +d /etc/ssl - - - - - +d /etc/ssl/private 0700 - - - - +L /etc/ssl/openssl.cnf - - - - ../../usr/share/ssl/openssl.cnf diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.9.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.9.ebuild index becca75156..e5032f0e9c 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.9.ebuild @@ -4,7 +4,8 @@ EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc -inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig +TMPFILES_OPTIONAL=1 +inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig systemd tmpfiles DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" HOMEPAGE="https://www.openssl.org/" @@ -18,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then else SRC_URI="mirror://openssl/source/${MY_P}.tar.gz verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos" + KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos" fi S="${WORKDIR}"/${MY_P} @@ -28,7 +29,11 @@ SLOT="0/3" # .so version of libssl/libcrypto IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" RESTRICT="!test? ( test )" +# Flatcar: Gentoo dropped dependency on c_rehash, a required tool for +# generating certs, and does not provide a built-in tool either. +# Continue shipping it. COMMON_DEPEND=" + >=app-misc/c_rehash-1.7-r1 tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) " BDEPEND=" @@ -244,15 +249,21 @@ multilib_src_install_all() { dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el - # Create the certs directory - keepdir ${SSL_CNF_DIR}/certs - # bug #254521 dodir /etc/sandbox.d echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private + # flatcar changes: do not keep the sample CA files in `/etc` + rm -rf "${ED}"${SSL_CNF_DIR} + + # flatcar changes: save the default `openssl.cnf` in `/usr` + dodir /usr/share/ssl + insinto /usr/share/ssl + doins "${S}"/apps/openssl.cnf + dotmpfiles "${FILESDIR}"/openssl.conf + + # flatcar changes: package `tmpfiles.d` setup for SDK bootstrapping. + systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf } pkg_preinst() { @@ -266,8 +277,3 @@ pkg_preinst() { fi } -pkg_postinst() { - ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" - openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" - eend $? -}