dev-libs/openssl: Apply Flatcar modifications

- remove unecessary files - drop `pkg_postint` - create `/etc/ssl` with tmpfiles - mark openssl as stable for arm64 and amd64 Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2025-08-15 00:46:58 +02:00 · 2022-03-16 10:40:40 +01:00 · 2022-03-16 10:40:40 +01:00 · c49c230f1b
commit c49c230f1b
parent 704380a2e0
2 changed files with 16 additions and 12 deletions
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl.conf
@ -0,0 +1,3 @@
+d      /etc/ssl                -       -       -       -       -
+d      /etc/ssl/private        0700    -       -       -       -
+L      /etc/ssl/openssl.cnf    -       -       -       -       ../../usr/share/ssl/openssl.cnf
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.7.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-3.0.7.ebuild
@ -4,7 +4,8 @@
 EAPI=7

 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
+TMPFILES_OPTIONAL=1
+inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig systemd tmpfiles

 DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
 HOMEPAGE="https://www.openssl.org/"
@ -18,7 +19,7 @@ if [[ ${PV} == 9999 ]] ; then
 else
 	SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+	KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
 fi

 S="${WORKDIR}"/${MY_P}
@ -287,9 +288,6 @@ multilib_src_install_all() {

 	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el

-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
 	# Namespace openssl programs to prevent conflicts with other man pages
 	cd "${ED}"/usr/share/man || die
 	local m d s
@ -326,12 +324,15 @@ multilib_src_install_all() {
 	dodir /etc/sandbox.d
 	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl

-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
+	# flatcar changes: do not keep the sample CA files in `/etc`
+	rm -rf "${ED}"${SSL_CNF_DIR}

-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes (bug #333069)"
-	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
+	# flatcar changes: save the default `openssl.cnf` in `/usr`
+	dodir /usr/share/ssl
+	insinto /usr/share/ssl
+	doins "${S}"/apps/openssl.cnf
+	dotmpfiles "${FILESDIR}"/openssl.conf
+
+	# flatcar changes: package `tmpfiles.d` setup for SDK bootstrapping.
+	systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf
 }