mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-24 15:11:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-misc/curl: Sync with Gentoo

Browse Source 
It's from Gentoo commit d682a759788a14c1d3eea5bf48e0bff7d01f98d7.
This commit is contained in:
Flatcar Buildbot 2025-04-07 07:10:52 +00:00 committed by Krzesimir Nowak
parent 245d1c8101
commit eaf4c3ede7
5 changed files with 293 additions and 592 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sdk_container/src/third_party/portage-stable/net-misc/curl/Manifest vendored
View File

@ -1,6 +1,4 @@
DIST curl-8.11.1.tar.xz 2751236 BLAKE2B a87ec2c78c5d6daf44eee4cf8e3ed124849d067f6c63145205fda18f33ddd3adce386058ead8f9b713f8e595f5e059acd13479eb00edc226247aabd3c2234112 SHA512 7c7c47a49505575b610c56b455f0919ea5082a993bf5483eeb258ead167aadb87078d626b343b417dcfc5439c53556425c8fb4fe3b01b53a87b47c01686a3e57
DIST curl-8.11.1.tar.xz.asc 488 BLAKE2B 53d58ebb8ab722d8394b7ce94b646c876324cd89b3e47d9129bddcfbb6db338c1dbe93a5e72a25caf7be9ddd450c2b0832cfee17beb8ba701bdeefe653235d53 SHA512 c09bedb67e83fb8ca3ad73c5bd0d92fed7fc2c26dbe5a71cccb193fd151c7219713241a9fe74baefcd1d008cfafba78142bf04cec24dd4a88d67179184d35824
DIST curl-8.12.1.tar.xz 2768160 BLAKE2B 2b3e3d91041881c0951ad470736266105d3b9720440b808fe382baa493a30075aba52eb1d329fb1f148e27cd76290d82e121e7f4abf695f215456a10e26ade3e SHA512 88915468fa1bb7256e3dd6c9d058ada6894faa1e3e7800c7d9bfee3e8be4081ae57e7f2bf260c5342b709499fc4302ddc2d7864e25bfa3300fa07f118a3de603
DIST curl-8.12.1.tar.xz.asc 488 BLAKE2B 2a6563609c9f7ada84ca2c7048ad9406809eef4cc958760d2ab3d1b7be58d26247e579bd025870609e80ebb00295026aae30614b84e3a81bdf3ed3dbd0f5ed70 SHA512 41fc5582935090d13940d86974fdea3ea901dd5dab156c16029a87f811d2535172c59dc8dc366f2ffc37bcf85accbecb5aa765bc7b83c2991a3ef402bf25af69
DIST curl-8.13.0-rc3.tar.xz 2792136 BLAKE2B af18c877ca6e9fb3e75265f86b3f3416e12b4160b71de00dfb82d687f11f457faf2f7dddde557474631ac7148cada1add189ac4ed002c41745bd546309093312 SHA512 72c0e0b8b0bc9117ab911b97bab6b1502d877f5a72a34091b68e48c046e45dfd188f24f270c0200f4df3f1a70933ada00f3a73a0aa078ec2b125fa5a9294d33f
DIST curl-8.13.0-rc3.tar.xz.asc 488 BLAKE2B 8778af342578bace6ddea93c719fb74b8a9b85ffb53938f46888c48cb9eef53bd018b4df421c2ceaecae5a8058a32b3b058e7965ba8b092eb17fef69168ab3f4 SHA512 a2d94a898824fabc1c4834f9e5719fb65311d0f218f6170e80fe1a04c6f842f9fbf589d281767ab916f668ff7087bb318b819a1fb26790640df136f335ff3b99
DIST curl-8.13.0.tar.xz 2773628 BLAKE2B 6869634ad50f015d5c7526699034d5a3f27d9588bc32eacc8080dbd6c690f63b1f25cee40d3fdf8fd9dd8535c305ea9c5edf1d5a02bc6d9ce60fd8c88230aca0 SHA512 d266e460f162ee455b56726e5b7247b2d1aa5265ae12081513fc0c5c79e785a594097bc71d505dc9bcd2c2f6f1ff6f4bab9dbd9d120bb76d06c5be8521a8ca7d
DIST curl-8.13.0.tar.xz.asc 488 BLAKE2B bd568ec32a44ef7c14c38e4830bcc7711dac726e950325292f1e5de76e619839685300c5afac32330127324327e71ce0d6e574f6e95bcc4a48957345152bc86a SHA512 07f79c7fd7c305c96e10a5f52797254aed7d2a1f3577c8626b8d617855ceb82634ac6787bfa0b7130a4ed72c3a9945d3c9ba5b7be54df8bafa07ded1c62ef2be

384
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.11.1-r2.ebuild vendored
View File

@ -1,384 +0,0 @@
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
# Maintainers should subscribe to the 'curl-distros' ML for backports etc
# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
# https://lists.haxx.se/listinfo/curl-distros
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
DESCRIPTION="A Client that groks URLs"
HOMEPAGE="https://curl.se/"
if [[ ${PV} == 9999 ]]; then
inherit git-r3
EGIT_REPO_URI="https://github.com/curl/curl.git"
else
SRC_URI="
https://curl.se/download/${P}.tar.xz
verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
"
KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="BSD curl ISC test? ( BSD-4 )"
SLOT="0"
IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
# These select the default tls implementation / which quic impl to use
IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
RESTRICT="!test? ( test )"
# Only one default ssl / quic provider can be enabled
# The default provider needs its USE satisfied
# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
REQUIRED_USE="
quic? (
^^ (
curl_quic_openssl
curl_quic_ngtcp2
)
http3
ssl
)
ssl? (
^^ (
curl_ssl_gnutls
curl_ssl_mbedtls
curl_ssl_openssl
curl_ssl_rustls
)
)
curl_quic_openssl? (
curl_ssl_openssl
quic
!gnutls
!mbedtls
!rustls
)
curl_quic_ngtcp2? (
curl_ssl_gnutls
quic
!mbedtls
!openssl
!rustls
)
curl_ssl_gnutls? ( gnutls )
curl_ssl_mbedtls? ( mbedtls )
curl_ssl_openssl? ( openssl )
curl_ssl_rustls? ( rustls )
http3? ( alt-svc quic )
"
# cURL's docs and CI/CD are great resources for confirming supported versions
# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
# However 'supported' vs 'works' are two entirely different things; be sane but
# don't be afraid to require a later version.
# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
RDEPEND="
>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
quic? (
curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] )
)
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
app-misc/ca-certificates
>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
dev-libs/nettle:=[${MULTILIB_USEDEP}]
)
mbedtls? (
app-misc/ca-certificates
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
)
rustls? (
>=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
)
)
zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
"
DEPEND="${RDEPEND}"
BDEPEND="
dev-lang/perl
virtual/pkgconfig
test? (
sys-apps/diffutils
http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
)
verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
"
DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
MULTILIB_WRAPPED_HEADERS=(
/usr/include/curl/curlbuild.h
)
MULTILIB_CHOST_TOOLS=(
/usr/bin/curl-config
)
QA_CONFIG_IMPL_DECL_SKIP=(
__builtin_available
closesocket
CloseSocket
getpass_r
ioctlsocket
IoctlSocket
mach_absolute_time
setmode
_fseeki64
# custom AC_LINK_IFELSE code fails to link even without -Werror
OSSL_QUIC_client_method
)
PATCHES=(
"${FILESDIR}/${PN}-prefix-3.patch"
"${FILESDIR}/${PN}-respect-cflags-3.patch"
"${FILESDIR}/${P}-async-thread-close-eventfd.patch"
)
src_prepare() {
default
eprefixify curl-config.in
eautoreconf
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
local myconf=()
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl; then
myconf+=( --without-gnutls --without-mbedtls --without-rustls )
if use gnutls; then
multilib_is_native_abi && einfo "SSL provided by gnutls"
myconf+=( --with-gnutls )
fi
if use mbedtls; then
multilib_is_native_abi && einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
fi
if use openssl; then
multilib_is_native_abi && einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
if use rustls; then
multilib_is_native_abi && einfo "SSL provided by rustls"
myconf+=( --with-rustls )
fi
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default SSL provided by gnutls"
myconf+=( --with-default-ssl-backend=gnutls )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
myconf+=( --with-default-ssl-backend=mbedtls )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default SSL provided by rustls"
myconf+=( --with-default-ssl-backend=rustls )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
else
myconf+=( --without-ssl )
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
myconf+=(
$(use_enable alt-svc)
--enable-basic-auth
--enable-bearer-auth
--enable-digest-auth
--enable-kerberos-auth
--enable-negotiate-auth
--enable-aws
--enable-dict
--disable-ech
--enable-file
$(use_enable ftp)
$(use_enable gopher)
$(use_enable hsts)
--enable-http
$(use_enable imap)
$(use_enable ldap)
$(use_enable ldap ldaps)
--enable-ntlm
$(use_enable pop3)
--enable-rt
--enable-rtsp
$(use_enable samba smb)
$(use_with ssh libssh2)
$(use_enable smtp)
$(use_enable telnet)
$(use_enable tftp)
--enable-tls-srp
$(use_enable adns ares)
--enable-cookies
--enable-dateparse
--enable-dnsshuffle
--enable-doh
--enable-symbol-hiding
--enable-http-auth
--enable-ipv6
--enable-largefile
--enable-manual
--enable-mime
--enable-netrc
$(use_enable progress-meter)
--enable-proxy
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--enable-pthreads
--enable-threaded-resolver
--disable-versioned-symbols
--without-amissl
--without-bearssl
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_with http2 nghttp2)
--without-hyper
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
$(use_with psl libpsl)
--without-msh3
$(use_with http3 nghttp3)
$(use_with curl_quic_ngtcp2 ngtcp2)
$(use_with curl_quic_openssl openssl-quic)
--without-quiche
$(use_with rtmp librtmp)
--without-schannel
--without-secure-transport
--without-test-caddy
--without-test-httpd
--without-test-nghttpx
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
)
if use debug; then
myconf+=(
--enable-debug
)
fi
if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
myconf+=(
--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
)
fi
if [[ ${CHOST} == *mingw* ]] ; then
myconf+=(
--disable-pthreads
)
fi
ECONF_SOURCE="${S}" econf "${myconf[@]}"
if ! multilib_is_native_abi; then
# Avoid building the client (we just want libcurl for multilib)
sed -i -e '/SUBDIRS/s:src::' Makefile || die
sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
fi
}
multilib_src_compile() {
default
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts
fi
}
# There is also a pytest harness that tests for bugs in some very specific
# situations; we can rely on upstream for this rather than adding additional test deps.
multilib_src_test() {
# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
# -v: verbose
# -a: keep going on failure (so we see everything that breaks, not just 1st test)
# -k: keep test files after completion
# -am: automake style TAP output
# -p: print logs if test fails
# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
# or just read https://github.com/curl/curl/tree/master/tests#run.
# Note: we don't run the testsuite for cross-compilation.
# Upstream recommend 7*nproc as a starting point for parallel tests, but
# this ends up breaking when nproc is huge (like -j80).
# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
# as most gentoo users don't have an 'ip6-localhost'
multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
}
multilib_src_install() {
emake DESTDIR="${D}" install
if multilib_is_native_abi; then
# Shell completions
! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
fi
}
multilib_src_install_all() {
einstalldocs
find "${ED}" -type f -name '*.la' -delete || die
rm -rf "${ED}"/etc/ || die
}
pkg_postinst() {
if use debug; then
ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
ewarn "hic sunt dracones; you have been warned."
fi
}

246
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.13.0_rc3.ebuild → sdk_container/src/third_party/portage-stable/net-misc/curl/curl-8.13.0.ebuild vendored
View File

@ -32,17 +32,29 @@ fi
LICENSE="BSD curl ISC test? ( BSD-4 )"
SLOT="0"
IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap"
IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test"
IUSE+=" telnet +tftp +websockets zstd"
# These select the default tls implementation / which quic impl to use
IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
RESTRICT="!test? ( test )"
# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to
# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested
# in addition to A and AAAA records.
# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?).
# HTTPS RR in cURL is a dependency for:
# - ECH (requires patched openssl or gnutls currently, enabled with rustls)
# - Fetching the ALPN list which should provide a better HTTP/3 experience.
# Only one default ssl / quic provider can be enabled
# The default provider needs its USE satisfied
# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
REQUIRED_USE="
ech? ( rustls )
httpsrr? ( adns )
quic? (
^^ (
curl_quic_openssl
@ -77,7 +89,7 @@ REQUIRED_USE="
curl_ssl_mbedtls? ( mbedtls )
curl_ssl_openssl? ( openssl )
curl_ssl_rustls? ( rustls )
http3? ( alt-svc quic )
http3? ( alt-svc httpsrr quic )
"
# cURL's docs and CI/CD are great resources for confirming supported versions
@ -104,6 +116,7 @@ RDEPEND="
)
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] )
sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
app-misc/ca-certificates
@ -115,10 +128,10 @@ RDEPEND="
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-1.0.2:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
>=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}]
)
rustls? (
>=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
>=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}]
)
)
zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
@ -173,6 +186,57 @@ src_prepare() {
eautoreconf
}
# Generates TLS-related configure options based on USE flags.
# Outputs options suitable for appending to a configure options array.
_get_curl_tls_configure_opts() {
local tls_opts=()
local backend flag_name
for backend in gnutls mbedtls openssl rustls; do
if [[ "$backend" == "openssl" ]]; then
flag_name="ssl"
tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs")
else
flag_name="$backend"
fi
if use "$backend"; then
tls_opts+=( "--with-${flag_name}" )
else
# If a single backend is enabled, 'ssl' is required, openssl is the default / fallback
if ! [[ "$backend" == "openssl" ]]; then
tls_opts+=( "--without-${flag_name}" )
fi
fi
done
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default TLS backend: gnutls"
tls_opts+=( "--with-default-ssl-backend=gnutls" )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default TLS backend: mbedtls"
tls_opts+=( "--with-default-ssl-backend=mbedtls" )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default TLS backend: openssl"
tls_opts+=( "--with-default-ssl-backend=openssl" )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default TLS backend: rustls"
tls_opts+=( "--with-default-ssl-backend=rustls" )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
# Explicitly Disable unimplemented b
tls_opts+=(
--without-amissl
--without-bearssl
--without-wolfssl
)
printf "%s\n" "${tls_opts[@]}"
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
@ -181,128 +245,107 @@ multilib_src_configure() {
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl; then
myconf+=( --without-gnutls --without-mbedtls --without-rustls )
if use gnutls; then
multilib_is_native_abi && einfo "SSL provided by gnutls"
myconf+=( --with-gnutls )
fi
if use mbedtls; then
multilib_is_native_abi && einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
fi
if use openssl; then
multilib_is_native_abi && einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
if use rustls; then
multilib_is_native_abi && einfo "SSL provided by rustls"
myconf+=( --with-rustls )
fi
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default SSL provided by gnutls"
myconf+=( --with-default-ssl-backend=gnutls )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
myconf+=( --with-default-ssl-backend=mbedtls )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default SSL provided by rustls"
myconf+=( --with-default-ssl-backend=rustls )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
local -a tls_backend_opts
readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts)
myconf+=("${tls_backend_opts[@]}")
else
myconf+=( --without-ssl )
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
# These configuration options are organised alphabetically by category/type
# Protocols
# `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort`
# Assume that anything omitted (that is not new!) is enabled by default with no deps
myconf+=(
$(use_enable alt-svc)
--enable-basic-auth
--enable-bearer-auth
--enable-digest-auth
--enable-kerberos-auth
--enable-negotiate-auth
--enable-aws
--enable-dict
--disable-ech
--enable-file
$(use_enable ftp)
$(use_enable gopher)
$(use_enable hsts)
--enable-http
$(use_enable imap)
$(use_enable ldap)
$(use_enable imap) # Automatic IMAPS if TLS is enabled
$(use_enable ldap ldaps)
--enable-ntlm
$(use_enable ldap)
$(use_enable pop3)
--enable-rt
--enable-rtsp
$(use_enable samba smb)
$(use_with ssh libssh2)
$(use_with ssh libssh2) # enables scp/sftp
$(use_with rtmp librtmp)
--enable-rtsp
$(use_enable smtp)
$(use_enable telnet)
$(use_enable tftp)
--enable-tls-srp
$(use_enable adns ares)
--enable-cookies
--enable-dateparse
--enable-dnsshuffle
--enable-doh
--enable-symbol-hiding
--enable-http-auth
--enable-ipv6
--enable-largefile
--enable-manual
--enable-mime
--enable-netrc
$(use_enable progress-meter)
--enable-proxy
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--disable-versioned-symbols
--without-amissl
--without-bearssl
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_enable websockets)
)
# Keep various 'HTTP-flavoured' options together
myconf+=(
$(use_enable alt-svc)
$(use_enable hsts)
$(use_enable httpsrr)
$(use_with http2 nghttp2)
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
$(use_with psl libpsl)
--without-msh3
$(use_with http3 nghttp3)
$(use_with curl_quic_ngtcp2 ngtcp2)
$(use_with curl_quic_openssl openssl-quic)
)
# --enable/disable options
# `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort`
myconf+=(
$(use_enable adns ares)
--enable-aws
--enable-basic-auth
--enable-bearer-auth
--enable-cookies
--enable-dateparse
--enable-dict
--enable-digest-auth
--enable-dnsshuffle
--enable-doh
$(use_enable ech)
--enable-http-auth
--enable-ipv6
--enable-kerberos-auth
--enable-largefile
--enable-manual
--enable-mime
--enable-negotiate-auth
--enable-netrc
--enable-ntlm
--enable-progress-meter
--enable-proxy
--enable-rt
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--enable-symbol-hiding
--enable-tls-srp
--disable-versioned-symbols
)
# --with/without options
# `grep -- --with configure | grep Check | awk '{ print $4 }' | sort`
myconf+=(
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
$(use_with sasl-scram libgsasl)
$(use_with psl libpsl)
--without-msh3
--without-quiche
$(use_with rtmp librtmp)
--without-schannel
--without-secure-transport
--without-winidn
--with-zlib
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
$(use_with zstd)
)
# Test deps (disabled)
myconf+=(
--without-test-caddy
--without-test-httpd
--without-test-nghttpx
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
)
if use debug; then
@ -319,8 +362,7 @@ multilib_src_configure() {
# Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
# This is in support of some work to enable `httpsrr` to use adns and the rest
# of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
# when the time comes.
# of curl to use the threaded resolver; for us `httpsrr` is conditional on adns.
if use adns; then
myconf+=(
--disable-threaded-resolver

246
sdk_container/src/third_party/portage-stable/net-misc/curl/curl-9999.ebuild vendored
View File

@ -32,17 +32,29 @@ fi
LICENSE="BSD curl ISC test? ( BSD-4 )"
SLOT="0"
IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
IUSE="+adns +alt-svc brotli debug ech +ftp gnutls gopher +hsts +http2 +http3 +httpsrr idn +imap kerberos ldap"
IUSE+=" mbedtls +openssl +pop3 +psl +quic rtmp rustls samba sasl-scram +smtp ssh ssl static-libs test"
IUSE+=" telnet +tftp +websockets zstd"
# These select the default tls implementation / which quic impl to use
IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
RESTRICT="!test? ( test )"
# HTTPS RR is technically usable with the threaded resolver, but it still uses c-ares to
# ask for the HTTPS RR record type; if DoH is in use the HTTPS record will be requested
# in addition to A and AAAA records.
# To simplify dependency management in the ebuild we'll require c-ares for HTTPS RR (for now?).
# HTTPS RR in cURL is a dependency for:
# - ECH (requires patched openssl or gnutls currently, enabled with rustls)
# - Fetching the ALPN list which should provide a better HTTP/3 experience.
# Only one default ssl / quic provider can be enabled
# The default provider needs its USE satisfied
# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
REQUIRED_USE="
ech? ( rustls )
httpsrr? ( adns )
quic? (
^^ (
curl_quic_openssl
@ -77,7 +89,7 @@ REQUIRED_USE="
curl_ssl_mbedtls? ( mbedtls )
curl_ssl_openssl? ( openssl )
curl_ssl_rustls? ( rustls )
http3? ( alt-svc quic )
http3? ( alt-svc httpsrr quic )
"
# cURL's docs and CI/CD are great resources for confirming supported versions
@ -104,6 +116,7 @@ RDEPEND="
)
rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
ssh? ( >=net-libs/libssh2-1.2.8[${MULTILIB_USEDEP}] )
sasl-scram? ( >=net-misc/gsasl-2.2.0[static-libs?,${MULTILIB_USEDEP}] )
ssl? (
gnutls? (
app-misc/ca-certificates
@ -115,10 +128,10 @@ RDEPEND="
net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
)
openssl? (
>=dev-libs/openssl-1.0.2:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
>=dev-libs/openssl-1.0.2:=[static-libs?,${MULTILIB_USEDEP}]
)
rustls? (
>=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
>=net-libs/rustls-ffi-0.15.0:=[${MULTILIB_USEDEP}]
)
)
zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
@ -173,6 +186,57 @@ src_prepare() {
eautoreconf
}
# Generates TLS-related configure options based on USE flags.
# Outputs options suitable for appending to a configure options array.
_get_curl_tls_configure_opts() {
local tls_opts=()
local backend flag_name
for backend in gnutls mbedtls openssl rustls; do
if [[ "$backend" == "openssl" ]]; then
flag_name="ssl"
tls_opts+=( "--with-ca-path=${EPREFIX}/etc/ssl/certs")
else
flag_name="$backend"
fi
if use "$backend"; then
tls_opts+=( "--with-${flag_name}" )
else
# If a single backend is enabled, 'ssl' is required, openssl is the default / fallback
if ! [[ "$backend" == "openssl" ]]; then
tls_opts+=( "--without-${flag_name}" )
fi
fi
done
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default TLS backend: gnutls"
tls_opts+=( "--with-default-ssl-backend=gnutls" )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default TLS backend: mbedtls"
tls_opts+=( "--with-default-ssl-backend=mbedtls" )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default TLS backend: openssl"
tls_opts+=( "--with-default-ssl-backend=openssl" )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default TLS backend: rustls"
tls_opts+=( "--with-default-ssl-backend=rustls" )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
# Explicitly Disable unimplemented b
tls_opts+=(
--without-amissl
--without-bearssl
--without-wolfssl
)
printf "%s\n" "${tls_opts[@]}"
}
multilib_src_configure() {
# We make use of the fact that later flags override earlier ones
# So start with all ssl providers off until proven otherwise
@ -181,128 +245,107 @@ multilib_src_configure() {
myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
if use ssl; then
myconf+=( --without-gnutls --without-mbedtls --without-rustls )
if use gnutls; then
multilib_is_native_abi && einfo "SSL provided by gnutls"
myconf+=( --with-gnutls )
fi
if use mbedtls; then
multilib_is_native_abi && einfo "SSL provided by mbedtls"
myconf+=( --with-mbedtls )
fi
if use openssl; then
multilib_is_native_abi && einfo "SSL provided by openssl"
myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
fi
if use rustls; then
multilib_is_native_abi && einfo "SSL provided by rustls"
myconf+=( --with-rustls )
fi
if use curl_ssl_gnutls; then
multilib_is_native_abi && einfo "Default SSL provided by gnutls"
myconf+=( --with-default-ssl-backend=gnutls )
elif use curl_ssl_mbedtls; then
multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
myconf+=( --with-default-ssl-backend=mbedtls )
elif use curl_ssl_openssl; then
multilib_is_native_abi && einfo "Default SSL provided by openssl"
myconf+=( --with-default-ssl-backend=openssl )
elif use curl_ssl_rustls; then
multilib_is_native_abi && einfo "Default SSL provided by rustls"
myconf+=( --with-default-ssl-backend=rustls )
else
eerror "We can't be here because of REQUIRED_USE."
die "Please file a bug, hit impossible condition w/ USE=ssl handling."
fi
local -a tls_backend_opts
readarray -t tls_backend_opts < <(_get_curl_tls_configure_opts)
myconf+=("${tls_backend_opts[@]}")
else
myconf+=( --without-ssl )
einfo "SSL disabled"
fi
# These configuration options are organized alphabetically
# within each category. This should make it easier if we
# ever decide to make any of them contingent on USE flags:
# 1) protocols first. To see them all do
# 'grep SUPPORT_PROTOCOLS configure.ac'
# 2) --enable/disable options second.
# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
# 3) --with/without options third.
# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
# These configuration options are organised alphabetically by category/type
# Protocols
# `grep SUPPORT_PROTOCOLS=\" configure.ac | awk '{ print substr($2, 1, length($2)-1)}' | sort`
# Assume that anything omitted (that is not new!) is enabled by default with no deps
myconf+=(
$(use_enable alt-svc)
--enable-basic-auth
--enable-bearer-auth
--enable-digest-auth
--enable-kerberos-auth
--enable-negotiate-auth
--enable-aws
--enable-dict
--disable-ech
--enable-file
$(use_enable ftp)
$(use_enable gopher)
$(use_enable hsts)
--enable-http
$(use_enable imap)
$(use_enable ldap)
$(use_enable imap) # Automatic IMAPS if TLS is enabled
$(use_enable ldap ldaps)
--enable-ntlm
$(use_enable ldap)
$(use_enable pop3)
--enable-rt
--enable-rtsp
$(use_enable samba smb)
$(use_with ssh libssh2)
$(use_with ssh libssh2) # enables scp/sftp
$(use_with rtmp librtmp)
--enable-rtsp
$(use_enable smtp)
$(use_enable telnet)
$(use_enable tftp)
--enable-tls-srp
$(use_enable adns ares)
--enable-cookies
--enable-dateparse
--enable-dnsshuffle
--enable-doh
--enable-symbol-hiding
--enable-http-auth
--enable-ipv6
--enable-largefile
--enable-manual
--enable-mime
--enable-netrc
$(use_enable progress-meter)
--enable-proxy
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--disable-versioned-symbols
--without-amissl
--without-bearssl
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_enable websockets)
)
# Keep various 'HTTP-flavoured' options together
myconf+=(
$(use_enable alt-svc)
$(use_enable hsts)
$(use_enable httpsrr)
$(use_with http2 nghttp2)
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
--without-libgsasl
$(use_with psl libpsl)
--without-msh3
$(use_with http3 nghttp3)
$(use_with curl_quic_ngtcp2 ngtcp2)
$(use_with curl_quic_openssl openssl-quic)
)
# --enable/disable options
# `grep -- --enable configure | grep Check | awk '{ print $4 }' | sort`
myconf+=(
$(use_enable adns ares)
--enable-aws
--enable-basic-auth
--enable-bearer-auth
--enable-cookies
--enable-dateparse
--enable-dict
--enable-digest-auth
--enable-dnsshuffle
--enable-doh
$(use_enable ech)
--enable-http-auth
--enable-ipv6
--enable-kerberos-auth
--enable-largefile
--enable-manual
--enable-mime
--enable-negotiate-auth
--enable-netrc
--enable-ntlm
--enable-progress-meter
--enable-proxy
--enable-rt
--enable-socketpair
--disable-sspi
$(use_enable static-libs static)
--enable-symbol-hiding
--enable-tls-srp
--disable-versioned-symbols
)
# --with/without options
# `grep -- --with configure | grep Check | awk '{ print $4 }' | sort`
myconf+=(
$(use_with brotli)
--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
$(use_with idn libidn2)
$(use_with kerberos gssapi "${EPREFIX}"/usr)
$(use_with sasl-scram libgsasl)
$(use_with psl libpsl)
--without-msh3
--without-quiche
$(use_with rtmp librtmp)
--without-schannel
--without-secure-transport
--without-winidn
--with-zlib
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
$(use_with zstd)
)
# Test deps (disabled)
myconf+=(
--without-test-caddy
--without-test-httpd
--without-test-nghttpx
$(use_enable websockets)
--without-winidn
--without-wolfssl
--with-zlib
$(use_with zstd)
--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
)
if use debug; then
@ -319,8 +362,7 @@ multilib_src_configure() {
# Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
# This is in support of some work to enable `httpsrr` to use adns and the rest
# of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
# when the time comes.
# of curl to use the threaded resolver; for us `httpsrr` is conditional on adns.
if use adns; then
myconf+=(
--disable-threaded-resolver

3
sdk_container/src/third_party/portage-stable/net-misc/curl/metadata.xml vendored
View File

@ -11,6 +11,7 @@
</maintainer>
<use>
<flag name="alt-svc">Enable alt-svc support</flag>
<flag name="ech">Enable Encrypted Client Hello support</flag>
<flag name="ftp">Enable FTP support</flag>
<flag name="gnutls">Enable gnutls ssl backend</flag>
<flag name="gopher">Enable Gopher protocol support</flag>
@ -18,6 +19,7 @@
<flag name="imap">Enable Internet Message Access Protocol support</flag>
<flag name="mbedtls">Enable mbedtls ssl backend</flag>
<flag name="http3">Enable HTTP/3 support</flag>
<flag name="httpsrr">Enable HTTPS Resource Record support</flag>
<flag name="openssl">Enable openssl ssl backend</flag>
<flag name="pop3">Enable Post Office Protocol 3 support</flag>
<flag name="progress-meter">Enable the progress meter</flag>
@ -25,6 +27,7 @@
<flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
<flag name="rtmp">Enable RTMP Streaming Media support</flag>
<flag name="rustls">Enable Rustls ssl backend</flag>
<flag name="sasl-scram">Enable snupport for additional SASL SCRAM-SHA authentication methods via <pkg>net-misc/gsasl</pkg></flag>
<flag name="smtp">Enable Simple Mail Transfer Protocol support</flag>
<flag name="ssh">Enable SSH urls in curl using libssh2</flag>
<flag name="ssl">Enable crypto engine support (via openssl if USE='-gnutls -nss')</flag>