dev-libs/openssl: Apply Flatcar modifications

- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- continue shipping app-misc/c_rehash

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>

sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf

@@ -0,0 +1,3 @@
+d      /etc/ssl                -       -       -       -       -
+d      /etc/ssl/private        0700    -       -       -       -
+L      /etc/ssl/openssl.cnf    -       -       -       -       ../../usr/share/ssl/openssl.cnf

sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.9-r2.ebuild

@@ -4,8 +4,9 @@
 EAPI=8
 
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
+TMPFILES_OPTIONAL=1
 inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
+inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig tmpfiles
 
 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
 HOMEPAGE="https://www.openssl.org/"
@@ -29,7 +30,11 @@ SLOT="0/3" # .so version of libssl/libcrypto
 IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
 RESTRICT="!test? ( test )"
 
+# Flatcar: Gentoo dropped dependency on c_rehash, a required tool for
+# generating certs, and does not provide a built-in tool either.
+# Continue shipping it.
 COMMON_DEPEND="
+	>=app-misc/c_rehash-1.7-r1
 	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 "
 BDEPEND="
@@ -255,15 +260,21 @@ multilib_src_install_all() {
 
 	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
 
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
 	# bug #254521
 	dodir /etc/sandbox.d
 	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
 
-	diropts -m0700
+	# flatcar changes: do not keep the sample CA files in `/etc`
-	keepdir ${SSL_CNF_DIR}/private
+	rm -rf "${ED}"${SSL_CNF_DIR}
+
+	# flatcar changes: save the default `openssl.cnf` in `/usr`
+	dodir /usr/share/ssl
+	insinto /usr/share/ssl
+	doins "${S}"/apps/openssl.cnf
+	dotmpfiles "${FILESDIR}"/openssl.conf
+
+	# flatcar changes: package `tmpfiles.d` setup for SDK bootstrapping.
+	systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf
 }
 
 pkg_preinst() {
@@ -279,12 +290,3 @@ pkg_preinst() {
 	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
 		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
 }
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}