From def8d425401e29de38351f70be3c5b64fef78c10 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com>
Date: Mon, 27 Nov 2017 14:14:10 -0500
Subject: [PATCH] dev-libs/openssl: Sync with the latest Gentoo 1.0.2 ebuild

---
 .../coreos-overlay/dev-libs/openssl/Manifest  |  2 +-
 .../openssl/files/gentoo.config-1.0.2         |  1 -
 .../dev-libs/openssl/metadata.xml             |  2 +-
 ...1.0.2k-r2.ebuild => openssl-1.0.2m.ebuild} | 35 ++++++++++---------
 4 files changed, 21 insertions(+), 19 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/{openssl-1.0.2k-r2.ebuild => openssl-1.0.2m.ebuild} (92%)

diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest
index 2f6a50fa86..4707417953 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest
@@ -1 +1 @@
-DIST openssl-1.0.2k.tar.gz 5309236 SHA256 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016 WHIRLPOOL ffa3d89a078db6829f1fff21779a19c87e059600162e6d7d3114b8440ba5fa7d1a08e04594b6ed8ab47e148782de299d7ec338f2ba2d466bf7737b0749f590cd
+DIST openssl-1.0.2m.tar.gz 5373776 SHA256 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f SHA512 7619aa223ee50d0f5e270ac9090e95b2b1ba5dfc656c98f625a9a277dda472fb960a4e89a7ba300044cb401b2072b2ca6a6fcce8206d927bf373d1c981806a93 WHIRLPOOL 0fa5ab02eb3ca8507b45c408739027f8632a77183a7355f8c31bcc5fedc507222e5cc44a4aff88b22fba87b69188f90465980c4a84bad1133287442ebd136a23
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2 b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2
index 0528c1c15b..9564452706 100755
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 #
 # Openssl doesn't play along nicely with cross-compiling
 # like autotools based projects, so let's teach it new tricks.
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/metadata.xml b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/metadata.xml
index 0ee764ebd0..5ca8d93d2f 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/metadata.xml
@@ -7,7 +7,7 @@
 </maintainer>
 <use>
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
- <flag name="bindist">Disable EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
  <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2k-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2m.ebuild
similarity index 92%
rename from sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2k-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2m.ebuild
index afec8a39f3..bb666d8ce6 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2k-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2m.ebuild
@@ -1,20 +1,20 @@
 # Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 
 EAPI="5"
 
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal systemd
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
+HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
@@ -143,6 +143,7 @@ multilib_src_configure() {
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
+		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
 		enable-mdc2 \
@@ -212,6 +213,11 @@ multilib_src_install_all() {
 	# twice; once with shared lib support enabled and once without.
 	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
 
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
 	# Namespace openssl programs to prevent conflicts with other man pages
 	cd "${ED}"/usr/share/man
 	local m d s
@@ -237,15 +243,12 @@ multilib_src_install_all() {
 	dodir /etc/sandbox.d #254521
 	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
 
-	# Don't keep the sample CA files and their ilk in /etc.
-	rm -r "${ED}"${SSL_CNF_DIR}
-
-	# Save the default openssl.cnf in /usr and link it into place.
-	dodir /usr/share/ssl
-	insinto /usr/share/ssl
-	doins "${S}"/apps/openssl.cnf
-	systemd_dotmpfilesd "${FILESDIR}"/openssl.conf
-
-	# Package the tmpfiles.d setup for SDK bootstrapping.
-	systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/openssl.conf
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
 }