-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Id$
# @ECLASS: ssl-cert.eclass
# @MAINTAINER:
# @AUTHOR:
# Max Kalika <max@gentoo.org>
+# @SUPPORTED_EAPIS: 1 2 3 4 5 6 7
# @BLURB: Eclass for SSL certificates
# @DESCRIPTION:
# This eclass implements a standard installation procedure for installing
# @EXAMPLE:
# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
+# Guard against unsupported EAPIs. We need EAPI >= 1 for slot dependencies.
+case "${EAPI:-0}" in
+ 0)
+ die "${ECLASS}.eclass: EAPI=0 is not supported. Please upgrade to EAPI >= 1."
+ ;;
+ 1|2|3|4|5|6|7)
+ ;;
+ *)
+ die "${ECLASS}.eclass: EAPI=${EAPI} is not supported yet."
+ ;;
+esac
+
# @ECLASS-VARIABLE: SSL_CERT_MANDATORY
# @DESCRIPTION:
# Set to non zero if ssl-cert is mandatory for ebuild.
if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then
if [[ "${SSL_CERT_MANDATORY}" == "0" ]]; then
- DEPEND="${SSL_CERT_USE}? ( dev-libs/openssl:0 )"
+ SSL_DEPEND="${SSL_CERT_USE}? ( || ( dev-libs/openssl:0 dev-libs/libressl:0 ) )"
IUSE="${SSL_CERT_USE}"
else
- DEPEND="dev-libs/openssl:0"
+ SSL_DEPEND="|| ( dev-libs/openssl:0 dev-libs/libressl:0 )"
fi
+
+ case "${EAPI}" in
+ 1|2|3|4|5|6)
+ DEPEND="${SSL_DEPEND}"
+ ;;
+ *)
+ BDEPEND="${SSL_DEPEND}"
+ ;;
+ esac
+
+ unset SSL_DEPEND
fi
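Review bot: `SSL_DEPEND` is assigned only to `DEPEND` (EAPI 1-6) or `BDEPEND` (EAPI 7), so nothing in this block guarantees an `openssl` binary on a system that installs the package from a prebuilt binary. Whether that matters depends on which phase the consuming ebuilds call `install_cert` from, which is not visible in this diff. If it is called at install time, the key and certificate steps would fail with their output discarded to `/dev/null`. I would at least record the assumption above the `case`, for example `# openssl is only needed while the ebuild phases that call install_cert run; callers using it in pkg_postinst must add their own RDEPEND`.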
# @FUNCTION: gen_cnf
# These can be overridden in the ebuild
SSL_DAYS="${SSL_DAYS:-730}"
- SSL_BITS="${SSL_BITS:-1024}"
+ SSL_BITS="${SSL_BITS:-4096}"
+ SSL_MD="${SSL_MD:-sha256}"
SSL_COUNTRY="${SSL_COUNTRY:-US}"
SSL_STATE="${SSL_STATE:-California}"
SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
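Review bot: The new `SSL_MD` override is added without documentation, although its value is later used directly as an `openssl x509` option name (`-${SSL_MD}`). An ebuild can set it to any string, including a weak digest, and nothing here states what is accepted. I would add a comment next to the assignment such as `# SSL_MD: digest name passed to openssl as -<name> when signing; keep sha256 or stronger`, and mention the raised `SSL_BITS` default in the same place. The enclosing function body starts and ends outside this hunk, so I cannot see whether the value is also written into the generated config.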
gen_key() {
local base=$(get_base "$1")
ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}"
- openssl genrsa -rand "${SSL_RANDOM}" \
- -out "${base}.key" "${SSL_BITS}" &> /dev/null
+ if openssl version | grep -i libressl > /dev/null; then
+ openssl genrsa -out "${base}.key" "${SSL_BITS}" &> /dev/null
+ else
+ openssl genrsa -rand "${SSL_RANDOM}" \
+ -out "${base}.key" "${SSL_BITS}" &> /dev/null
+ fi
eend $?
return $?
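Review bot: The LibreSSL check duplicates the whole `openssl genrsa` invocation in two branches that differ only in `-rand`, so any later change to the key generation has to be made twice. Building the optional argument once keeps a single call: `local rand_args=(-rand "${SSL_RANDOM}")`, then `openssl version | grep -qi libressl && rand_args=()`, then `openssl genrsa "${rand_args[@]}" -out "${base}.key" "${SSL_BITS}" &> /dev/null`. `grep -q` also replaces the `> /dev/null` redirect. The closing brace of gen_key is outside the hunk.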
if [ "${1}" ] ; then
ebegin "Generating self-signed X.509 Certificate for CA"
openssl x509 -extfile "${SSL_CONF}" \
+ -${SSL_MD} \
-days ${SSL_DAYS} -req -signkey "${base}.key" \
-in "${base}.csr" -out "${base}.crt" &>/dev/null
else
ebegin "Generating authority-signed X.509 Certificate"
openssl x509 -extfile "${SSL_CONF}" \
-days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \
- -CAkey "${ca}.key" -CA "${ca}.crt" \
+ -CAkey "${ca}.key" -CA "${ca}.crt" -${SSL_MD} \
-in "${base}.csr" -out "${base}.crt" &>/dev/null
fi
eend $?
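Review bot: `-${SSL_MD}` is expanded unquoted in both the self-signed branch and the authority-signed branch, so an override containing whitespace is split into extra `openssl x509` arguments. Because both commands send their output to `/dev/null`, a mistyped or unsupported digest name shows up only as a failed `eend`, with no message. Writing it as `"-${SSL_MD}"` in both places keeps the value a single argument. The two branches also place the option differently (on its own line in one, appended to the `-CA` line in the other), and using the same position in both would make the calls easier to compare. The function begins before this hunk, so `base` and `ca` are defined outside the visible lines.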