From b3a9d297eedd6c5fd1fce1232fb6023e8be8884f Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Date: Fri, 24 Sep 2021 10:13:06 +0200
Subject: [PATCH] dev-libs/openssl: apply flatcar changes

- drop `pkg_postint`
- create `/etc/ssl` with systemd-tmpfiles

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
---
 .../dev-libs/openssl/files/openssl.conf       |  3 +++
 .../dev-libs/openssl/openssl-3.0.0.ebuild     | 22 +++++++++----------
 2 files changed, 14 insertions(+), 11 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf

diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf
new file mode 100644
index 0000000000..d8788d2929
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf
@@ -0,0 +1,3 @@
+d      /etc/ssl                -       -       -       -       -
+d      /etc/ssl/private        0700    -       -       -       -
+L      /etc/ssl/openssl.cnf    -       -       -       -       ../../usr/share/ssl/openssl.cnf
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.0.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.0.ebuild
index dad6d1b877..41e616da20 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.0.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.0.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit flag-o-matic linux-info toolchain-funcs multilib-minimal
+inherit flag-o-matic linux-info toolchain-funcs multilib-minimal systemd
 
 MY_P=${P/_/-}
 
@@ -248,9 +248,6 @@ multilib_src_install_all() {
 
 	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
 
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
 	# Namespace openssl programs to prevent conflicts with other man pages
 	cd "${ED}"/usr/share/man || die
 	local m d s
@@ -282,12 +279,15 @@ multilib_src_install_all() {
 	dodir /etc/sandbox.d #254521
 	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
 
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
+	# flatcar changes: do not keep the sample CA files in `/etc`
+	rm -rf "${ED}"${SSL_CNF_DIR}
 
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
+	# flatcar changes: save the default `openssl.cnf` in `/usr`
+	dodir /usr/share/ssl
+	insinto /usr/share/ssl
+	doins "${S}"/apps/openssl.cnf
+	systemd_dotmpfilesd "${FILESDIR}"/openssl.conf
+
+	# flatcar changes: package `tmpfiles.d` setup for SDK bootstrapping.
+	systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf
 }