toolchain.eclass: fix ada build with lto

[gentoo.git] / eclass / ssl-cert.eclass

diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass
index 053e10133633c5505d4d330007395ee9c792662e..0e7294f622999d79c2202789e43209e91a4353df 100644 (file)
--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,11 +1,11 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
 # @AUTHOR:
 # Max Kalika <max@gentoo.org>
+# @SUPPORTED_EAPIS: 1 2 3 4 5 6 7
 # @BLURB: Eclass for SSL certificates
 # @DESCRIPTION:
 # This eclass implements a standard installation procedure for installing
@@ -13,6 +13,18 @@
 # @EXAMPLE:
 # "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
+# Guard against unsupported EAPIs.  We need EAPI >= 1 for slot dependencies.
+case "${EAPI:-0}" in
+       0)
+               die "${ECLASS}.eclass: EAPI=0 is not supported.  Please upgrade to EAPI >= 1."
+               ;;
+       1|2|3|4|5|6|7)
+               ;;
+       *)
+               die "${ECLASS}.eclass: EAPI=${EAPI} is not supported yet."
+               ;;
+esac
+
 # @ECLASS-VARIABLE: SSL_CERT_MANDATORY
 # @DESCRIPTION:
 # Set to non zero if ssl-cert is mandatory for ebuild.
@@ -30,11 +42,22 @@
 
 if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then
        if [[ "${SSL_CERT_MANDATORY}" == "0" ]]; then
-               DEPEND="${SSL_CERT_USE}? ( dev-libs/openssl )"
+               SSL_DEPEND="${SSL_CERT_USE}? ( || ( dev-libs/openssl:0 dev-libs/libressl:0 ) )"
                IUSE="${SSL_CERT_USE}"
        else
-               DEPEND="dev-libs/openssl"
+               SSL_DEPEND="|| ( dev-libs/openssl:0 dev-libs/libressl:0 )"
        fi
+
+       case "${EAPI}" in
+               1|2|3|4|5|6)
+                       DEPEND="${SSL_DEPEND}"
+               ;;
+               *)
+                       BDEPEND="${SSL_DEPEND}"
+               ;;
+       esac
+
+       unset SSL_DEPEND
 fi
 
 # @FUNCTION: gen_cnf
@@ -55,7 +78,8 @@ gen_cnf() {
 
        # These can be overridden in the ebuild
        SSL_DAYS="${SSL_DAYS:-730}"
-       SSL_BITS="${SSL_BITS:-1024}"
+       SSL_BITS="${SSL_BITS:-4096}"
+       SSL_MD="${SSL_MD:-sha256}"
        SSL_COUNTRY="${SSL_COUNTRY:-US}"
        SSL_STATE="${SSL_STATE:-California}"
        SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
@@ -113,8 +137,12 @@ get_base() {
 gen_key() {
        local base=$(get_base "$1")
        ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}"
-       openssl genrsa -rand "${SSL_RANDOM}" \
-               -out "${base}.key" "${SSL_BITS}" &> /dev/null
+       if openssl version | grep -i libressl > /dev/null; then
+               openssl genrsa -out "${base}.key" "${SSL_BITS}" &> /dev/null
+       else
+               openssl genrsa -rand "${SSL_RANDOM}" \
+                       -out "${base}.key" "${SSL_BITS}" &> /dev/null
+       fi
        eend $?
 
        return $?
@@ -151,6 +179,7 @@ gen_crt() {
        if [ "${1}" ] ; then
                ebegin "Generating self-signed X.509 Certificate for CA"
                openssl x509 -extfile "${SSL_CONF}" \
+                       -${SSL_MD} \
                        -days ${SSL_DAYS} -req -signkey "${base}.key" \
                        -in "${base}.csr" -out "${base}.crt" &>/dev/null
        else
@@ -158,7 +187,7 @@ gen_crt() {
                ebegin "Generating authority-signed X.509 Certificate"
                openssl x509 -extfile "${SSL_CONF}" \
                        -days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \
-                       -CAkey "${ca}.key" -CA "${ca}.crt" \
+                       -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \
                        -in "${base}.csr" -out "${base}.crt" &>/dev/null
        fi
        eend $?