From 64c8210a60711553ec2e8cbe0aca9a19d78072fb Mon Sep 17 00:00:00 2001 From: James Forcier Date: Tue, 26 Jun 2018 11:52:32 -0700 Subject: [PATCH 1/3] dev-libs/openssl: bump to 1.0.2o-r3 Use Gentoo's openssl-1.0.2o-r3, since the -r6 ebuild has diverged somewhat more significantly from the 1.0.2n ebuild. --- .../coreos-overlay/dev-libs/openssl/Manifest | 4 +- ...1.0.2n.ebuild => openssl-1.0.2o-r3.ebuild} | 49 ++++++++++--------- 2 files changed, 29 insertions(+), 24 deletions(-) rename sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/{openssl-1.0.2n.ebuild => openssl-1.0.2o-r3.ebuild} (84%) diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest index b5aae0349c..2d9480b739 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest @@ -1,2 +1,2 @@ -DIST openssl-1.0.2-patches-1.0.tar.xz 11572 SHA256 374df2ca88df2ff6c0726ed4c5a36d1f212948d30071cce29446e8a6ddb61a3f SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9 WHIRLPOOL fcb1aaa0aff25044e3af29b469302881ca7943c98700163c17840e4052eab8e30cf40af41ce602bfb8c0eb7c7ec0e109d6be1dba307e7b204e18e06a778f59a4 -DIST openssl-1.0.2n.tar.gz 5375802 SHA256 370babb75f278c39e0c50e8c4e7493bc0f18db6867478341a832a982fd15a8fe SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687 WHIRLPOOL a0034add5bb37616389fe1a1cca90622fadf1cc3e648e574dce0010d7a38a84e07d705cbc0fcbd28fd7c120c4852e9f5a419f42a6a55b33a06e2591bc1697d03 +DIST openssl-1.0.2-patches-1.4.tar.xz 12864 SHA256 281b3918e32a6db737365ddaafa5279dd14089b63d681570a72b704d10197d61 SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d WHIRLPOOL 4974556135febb4ab662547b7e6f87cff4787fdcd86efff5f6159dae7895528138ad75e7f7da038b25a063d787c2cc7af80be825e934b11355348e01bf7e79c3 +DIST openssl-1.0.2o.tar.gz 5329472 SHA256 ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd WHIRLPOOL b50a3f1756e67842bf4ccc233453dd294cc6a43070b5852974119f73cd957917dd1ae0d308b633e460979a635b1f4395c52c20d31f39f73731cca982cf2c3484 diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2n.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild similarity index 84% rename from sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2n.ebuild rename to sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild index e7025f9545..f54edbbadc 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2n.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild @@ -1,22 +1,24 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI="6" -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal systemd +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal -PATCH_SET="openssl-1.0.2-patches-1.0" +PATCH_SET="openssl-1.0.2-patches-1.4" MY_P=${P/_/-} DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" SRC_URI="mirror://openssl/source/${MY_P}.tar.gz mirror://gentoo/${PATCH_SET}.tar.xz - https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz" + https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz + https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz" LICENSE="openssl" SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" +RESTRICT="!bindist? ( bindist )" RDEPEND=">=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) @@ -100,11 +102,11 @@ multilib_src_configure() { tc-export CC AR RANLIB RC # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: Expired http://en.wikipedia.org/wiki/RC5 + # Camellia: Royalty Free https://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired https://en.wikipedia.org/wiki/MDC-2 + # RC5: Expired https://en.wikipedia.org/wiki/RC5 use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } echoit() { echo "$@" ; "$@" ; } @@ -138,6 +140,7 @@ multilib_src_configure() { ${sslout} \ $(use cpu_flags_x86_sse2 || echo "no-sse2") \ enable-camellia \ + $(use_ssl !bindist ec) \ ${ec_nistp_64_gcc_128} \ enable-idea \ enable-mdc2 \ @@ -208,6 +211,11 @@ multilib_src_install_all() { # twice; once with shared lib support enabled and once without. use static-libs || rm -f "${ED}"/usr/lib*/lib*.a + # create the certs directory + dodir ${SSL_CNF_DIR}/certs + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} + # Namespace openssl programs to prevent conflicts with other man pages cd "${ED}"/usr/share/man local m d s @@ -233,15 +241,12 @@ multilib_src_install_all() { dodir /etc/sandbox.d #254521 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - # Don't keep the sample CA files and their ilk in /etc. - rm -r "${ED}"${SSL_CNF_DIR} - - # Save the default openssl.cnf in /usr and link it into place. - dodir /usr/share/ssl - insinto /usr/share/ssl - doins "${S}"/apps/openssl.cnf - systemd_dotmpfilesd "${FILESDIR}"/openssl.conf - - # Package the tmpfiles.d setup for SDK bootstrapping. - systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_postinst() { + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null + eend $? } From 85794470431b042e7f3b7584a7620084bcc309e0 Mon Sep 17 00:00:00 2001 From: James Forcier Date: Tue, 26 Jun 2018 12:02:58 -0700 Subject: [PATCH 2/3] dev-libs/openssl: Apply CoreOS changes Port of f50deaff to openssl-1.0.2o. --- .../dev-libs/openssl/openssl-1.0.2o-r3.ebuild | 28 ++++++++----------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild index f54edbbadc..79caf98ecd 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2o-r3.ebuild @@ -3,7 +3,7 @@ EAPI="6" -inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal +inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal systemd PATCH_SET="openssl-1.0.2-patches-1.4" MY_P=${P/_/-} @@ -17,8 +17,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz LICENSE="openssl" SLOT="0" KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" +IUSE="+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" RDEPEND=">=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) @@ -140,7 +139,6 @@ multilib_src_configure() { ${sslout} \ $(use cpu_flags_x86_sse2 || echo "no-sse2") \ enable-camellia \ - $(use_ssl !bindist ec) \ ${ec_nistp_64_gcc_128} \ enable-idea \ enable-mdc2 \ @@ -211,11 +209,6 @@ multilib_src_install_all() { # twice; once with shared lib support enabled and once without. use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - # Namespace openssl programs to prevent conflicts with other man pages cd "${ED}"/usr/share/man local m d s @@ -241,12 +234,15 @@ multilib_src_install_all() { dodir /etc/sandbox.d #254521 echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} + # Don't keep the sample CA files and their ilk in /etc. + rm -r "${ED}"${SSL_CNF_DIR} -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? + # Save the default openssl.cnf in /usr and link it into place. + dodir /usr/share/ssl + insinto /usr/share/ssl + doins "${S}"/apps/openssl.cnf + systemd_dotmpfilesd "${FILESDIR}"/openssl.conf + + # Package the tmpfiles.d setup for SDK bootstrapping. + systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf } From 264ce34b25be3a0a54e33cdfefdd2052b0974ed9 Mon Sep 17 00:00:00 2001 From: James Forcier Date: Tue, 26 Jun 2018 20:02:44 +0000 Subject: [PATCH 3/3] chore(metadata): Regenerate cache --- .../dev-libs/{openssl-1.0.2n => openssl-1.0.2o-r3} | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) rename sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/{openssl-1.0.2n => openssl-1.0.2o-r3} (68%) diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2n b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2o-r3 similarity index 68% rename from sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2n rename to sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2o-r3 index d7b34deda0..ed3ed79405 100644 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2n +++ b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/dev-libs/openssl-1.0.2o-r3 @@ -4,11 +4,11 @@ DESCRIPTION=full-strength general purpose cryptography library (including SSL an EAPI=6 HOMEPAGE=https://www.openssl.org/ IUSE=+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64 -KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux +KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux LICENSE=openssl PDEPEND=app-misc/ca-certificates RDEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) SLOT=0 -SRC_URI=mirror://openssl/source/openssl-1.0.2n.tar.gz mirror://gentoo/openssl-1.0.2-patches-1.0.tar.xz https://dev.gentoo.org/~whissi/dist/openssl/openssl-1.0.2-patches-1.0.tar.xz -_eclasses_=desktop 1b286a7e7143d8c4ec89cd0d2743a097 epatch 9a5f039771f143195164a15a4faa41a1 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 5b8ce72259e08104b337fe28c6de5dbc flag-o-matic 5128c4729303400bd8d4b0b966530955 ltprune 607e058da37aa6dabfa408b7d61da72e multibuild 35719a9cd25ec71ee49c966f6868454c multilib 97f470f374f2e94ccab04a2fb21d811e multilib-build 45f0e78dba7de5c77988265229b4402a multilib-minimal bfa1226d0f1fa0093d10b84acd029633 preserve-libs ef207dc62baddfddfd39a164d9797648 systemd 04e50685fbf3d89e5c67ac6a385dd595 toolchain-funcs 1e35303c63cd707f6c3422b4493d5607 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf -_md5_=21dcbaea28c8007113e2fbd62a42a8c9 +SRC_URI=mirror://openssl/source/openssl-1.0.2o.tar.gz mirror://gentoo/openssl-1.0.2-patches-1.4.tar.xz https://dev.gentoo.org/~whissi/dist/openssl/openssl-1.0.2-patches-1.4.tar.xz https://dev.gentoo.org/~polynomial-c/dist/openssl-1.0.2-patches-1.4.tar.xz +_eclasses_=epatch 8233751dc5105a6ae8fcd86ce2bb0247 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 227b041a120d309fdefbebb3b8c1dfa9 flag-o-matic 2274fcc1e7ef6affaff5bcd636275417 ltprune 2770eed66a9b8ef944714cd0e968182e multibuild 72647e255187a1fadc81097b3657e5c3 multilib 97f470f374f2e94ccab04a2fb21d811e multilib-build eed53a6313267c9fbcd35fc384bd0087 multilib-minimal 9139c3a57e077cb8e0d0f73ceb080b89 systemd 34815d3b76e745c5ca33eec9f95074c2 toolchain-funcs 185a06792159ca143528e7010368e8af +_md5_=c4338c372eb9630fcc6925a997f43e77