Remove IDEA algos from USE=bindist #398439 by Ulrich Müller. Update EAPI and static...

Package-Manager: portage-2.2.0_alpha84/cvs/Linux x86_64

diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index 15634efe63a3713fef0357d078cfbeafac92b36c..325ce359aa438a93c585b454ba723addf425af87 100644 (file)
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.413 2012/01/04 21:44:48 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.414 2012/01/11 00:12:23 vapier Exp $
+
+*openssl-1.0.0f-r1 (11 Jan 2012)
+*openssl-0.9.8s-r1 (11 Jan 2012)
+
+  11 Jan 2012; Mike Frysinger <vapier@gentoo.org> +openssl-0.9.8s-r1.ebuild,
+  +openssl-1.0.0f-r1.ebuild, metadata.xml:
+  Remove IDEA algos from USE=bindist #398439 by Ulrich Müller. Update EAPI and
+  static-libs dep so we can work with older versions of zlib #397695#3.
 
 *openssl-1.0.0f (04 Jan 2012)
 *openssl-0.9.8s (04 Jan 2012)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 0ade7ee63b1e15266630235636949c0e71297f72..78ff8031dee9da5b7b1a5c4c7689ea317c0db89e 100644 (file)
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -21,27 +21,29 @@ DIST openssl-1.0.0e.tar.gz 4040229 RMD160 f7b7c8146592bb0924f145b1e3382b5a1d9283
 DIST openssl-1.0.0f.tar.gz 4043367 RMD160 4eb32bc51a86b28f6c0c159e421786d51bf441bd SHA1 f087190fc7702f328324aaa89c297cab6e236564 SHA256 faf1eab0ef85fd6c3beca271c356b31b5cc831e2c6b7f23cf672e7ab4680fde1
 DIST openssl-c_rehash.sh.1.7 4167 RMD160 c87f12c5421593d160f0cc650921c2e3412869ab SHA1 54493c80be245f2da9b7d303e49d613d376d9609 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0
 EBUILD openssl-0.9.8r.ebuild 4333 RMD160 d5e1a4a4faedf3e68e20761cb2468ddcf8121f5d SHA1 cc345cc8e8bd9e9ed814d507fe4e28293bf13aa5 SHA256 a0dcfa504c84f50b4f6dfa23516050ff5b6f2d021e1ec1235fb351d7ff8089b0
+EBUILD openssl-0.9.8s-r1.ebuild 4325 RMD160 42816a8e188f8793674df720d29317bce95c787d SHA1 3be820f2168cfe930f43883b12bafd8aa6b22859 SHA256 e0450861dfa19c0f9378c13c0c02a19c530a929f255e143cf283c93d40dfdb9c
 EBUILD openssl-0.9.8s.ebuild 4335 RMD160 0891876b882a9bdb93fec077f686b88dd6516738 SHA1 d06380fa3e57884842c9a424adeba61243a9060a SHA256 0817080b75a3b81b6b5c7273a5847ee56fb1d832149b0a242870a4feb529aad8
 EBUILD openssl-1.0.0d.ebuild 6003 RMD160 4cb7181c77cdc21ddbfb3a60d77e68b7d8f8124a SHA1 526d04deaf20e0996b8631ace4d2a31a3d0ada46 SHA256 fbba52f0436c9ec4d30d878a7be80a58e9a52adea2de309632643e38c392c4bc
 EBUILD openssl-1.0.0e-r1.ebuild 6925 RMD160 5d251388f5983672c41129a2bbe731aa67e91b69 SHA1 0892e7b7339149d6ad71f39b1c1491fca9ad3633 SHA256 cd2abb82067530d26ac77511b9e18fcb0e0e4374e60e5ae56f6e17c176c5e643
 EBUILD openssl-1.0.0e.ebuild 5921 RMD160 f211cdbd3cd7ce275abfe77453c514a968a6cc82 SHA1 e7a8dfb4a6e273eddc492a89017ab0120d34694f SHA256 99cd020f77ab655b566faf79271411aa8400717dca6bdf4fd5bd6e5c3727e642
+EBUILD openssl-1.0.0f-r1.ebuild 6921 RMD160 144ebeeec85e276b21a16b274cb6fc35cae27217 SHA1 d711bc24aeea9baa50c1fd9fb9a1b434a72ddd53 SHA256 e193454bc1c18b899e4e9eee8090fe34e749303988494fa904ba8118792008bb
 EBUILD openssl-1.0.0f.ebuild 6922 RMD160 a91e88a91c36ee689442d15b779d7f9b3b31a634 SHA1 452ee8a70c0e34f577f024f5ae927e35243ad44e SHA256 0a0de0eecf49995c6094802116c1a4319261129b2263e1025d6205716803d7ec
-MISC ChangeLog 62313 RMD160 5357a21ad7e568338689e9037810e13bc31cae00 SHA1 6bae8efba0a5bb4e2179f9ee04a78b8da2ed3ac1 SHA256 1d48423f24c2bf2939017479070b680e51bbffb3e8bacdc82f7e38fced42b101
-MISC metadata.xml 379 RMD160 97a0177e2e7305dfd73868b18c491fd6b7521715 SHA1 4b2524bfdcccd8edf66d3997c4a630f8f801a00b SHA256 b5da3aee1fe909f620781eed44ce964b2fcb2ec9030d2ad985cdee610c6001b7
+MISC ChangeLog 62653 RMD160 dcd95fa68dc55cf371a77545df370ebcff755795 SHA1 cf438cdc8a8f1bc3f5a0ce9e1c8ad3e955da0b01 SHA256 96654a1358a49617135f9c32be2ce6c25ec3dd6b8a72b2bdace18f265301548e
+MISC metadata.xml 374 RMD160 9aeb5b3f983a6274f0aa03bd395b7d12b937ca62 SHA1 bc9aa89e74d572266aef36b2f17101098d11997d SHA256 ce29618473c02511695f6767087277e246b2d252ef6e662dbc65e9df44722f5b
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
-iQIcBAEBAgAGBQJPBMhsAAoJELEHsLL7fEFWt2cP/2h++UnAmMtG784HJyvH8716
-HzTGiggKQCscfUMvgQceB3ksSZ7DekqEek9I69qthPbYiU4NGyD0RGF82cBG7tuP
-iEH/1ZPbJsfRZMzm8WS+JFu/Uvy+XFNOtk3GutLAOs5sLS6tOvGd6fj/hSf1BZTe
-QNdfnpOg8stUaNk+J8ZPrIse2oZDuB6UGETd2xPWZwyj2ExJWD4uWhFRkPV1EmU6
-f8u4QYzmpYgyNf29zvj54GzqEfmZ0Uht9oSFDPN5vW6bL5TEIGSotCASIZdaBsfW
-0EnGEQoFxUnpVLtk+pi6NHbF8MXDILVK1YtMDpRU4zVRyE3avkYWWKFD+Y5mnkJA
-PpV1WcsHJAVeuZ+D1y9cTn+RnYCH7b89QjvObs1f3O0ztDBzmUEkyq8Zr2cyMfpv
-o3ak1CrR/3Q8fP/HTbyIUCSGUnjYhwcBhA4nu6wIx/jO2K2Lrvyi76vvh6jD+71s
-1AK0m1KqKlyE4J1Sc6FTG3gUVFL709Uww/59OqragpgzRWlIKjGANImll1NoBko1
-eG5r8Cywgug5Dk4YHfMry3o4IBGsGNf59zbaIvUPT9FxfWRb4hZP0CY74eipSKbz
-lIZF3UXlomMaS0A+OHlsWPmhPCWjwRasYnks2yrUhibuOxD/5RW4KhXH+2Z4CaEl
-VXHnv7+rP3i/5xlVMHAZ
-=Pm28
+iQIcBAEBAgAGBQJPDNPwAAoJELEHsLL7fEFWXx0QAITpJVoBhgMK7U2r1BBsXdMS
+7kMeQystfcpU83XuKU798Ze6lC57oqta2MsI5GFjhvbLd3UBaQEz23srPMJdn44Z
+jFvHhN1nkTG6E9xG3qSJ7leEOfKiUOzPMZ4w3/xNgah7JR2Wh0XG1UzFQwrOr8Ji
+aec45Y+pywsFoIcbJxc31IZUilh1Pmxs8bXUJMoA61zP0slq+x+BJ+nzUAUoY1cn
+VceS/OiuZjHCyOX86yZeuB+5N070uQ4bgc63U0VeMo1PAR3W4IyARISfjv8PMqKR
+uldrI2K541PZOCkywlztw3MW7rIcdFxDbYVgZ6nuF5OKFpfJexkXpJX5QmZ068Gy
+ggL7sTU2gE8V4G49ASOHWcFgBIe25ju28TRXYAEOtaDLYVNdxfUpq7P+uiODYxA8
+um0YTka+1Jcs28drT7vrJhh+gYl6YNgPEWv80xfaA3RugCsZc3Rkv8gFp6JmybKB
+HhTU+CfP6NH/xTp8nFwHCjCLmBBYP4vtIP3bBhJRlzyCMCdSwc//4H48MdxdYk5d
+COLZYKWkZE8RYrTttLn3uK3EedAKmlsQljsifg3lM5/2qgiiEabwfrV0eDIuqCXn
+eWP9cyDawyXSZIEcnr2iTzqDfoZ59PXXQ/9Paf6mEeMvkNLExKdeWM5q12Q7hA98
+hPUvihWPdkZHct8dMAmg
+=vhH7
 -----END PGP SIGNATURE-----

diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index 84e41a4bf7c2269f3b02888cc302df013707e3f1..c3a999778525fc80c3d1b1385a9dbc26c93e2cd4 100644 (file)
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -3,7 +3,7 @@
 <pkgmetadata>
 <herd>base-system</herd>
 <use>
- <flag name='bindist'>Disable EC/IDEA/RC5 algorithms (as they seem to be patented)</flag>
+ <flag name='bindist'>Disable EC/RC5 algorithms (as they seem to be patented)</flag>
  <flag name='rfc3779'>Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
 </use>
 </pkgmetadata>

diff --git a/dev-libs/openssl/openssl-0.9.8s-r1.ebuild b/dev-libs/openssl/openssl-0.9.8s-r1.ebuild
new file mode 100644 (file)
index 0000000..4c677fa
--- /dev/null
+++ b/dev-libs/openssl/openssl-0.9.8s-r1.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8s-r1.ebuild,v 1.1 2012/01/11 00:12:23 vapier Exp $
+
+# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
+
+EAPI="2"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0.9.8"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="bindist gmp kerberos sse2 test zlib"
+
+RDEPEND="gmp? ( dev-libs/gmp )
+       zlib? ( sys-libs/zlib )
+       kerberos? ( app-crypt/mit-krb5 )
+       !=dev-libs/openssl-0.9.8*:0"
+DEPEND="${RDEPEND}
+       sys-apps/diffutils
+       >=dev-lang/perl-5
+       test? ( sys-devel/bc )"
+
+pkg_setup() {
+       # avoid collisions with openssl-1 (preserve lib)
+       if ! has_version dev-libs/openssl:${SLOT} ; then
+               ewarn "Removing lib{crypto,ssl}.so.0.9.8 to avoid collision with openssl-1"
+               rm -f "${ROOT}"/usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+       fi
+}
+
+src_prepare() {
+       epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
+       epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
+       epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
+
+       # disable fips in the build
+       # make sure the man pages are suffixed #302165
+       # don't bother building man pages if they're disabled
+       sed -i \
+               -e '/DIRS/s: fips : :g' \
+               -e '/^MANSUFFIX/s:=.*:=ssl:' \
+               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+               -e $(has noman FEATURES \
+                       && echo '/^install:/s:install_docs::' \
+                       || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
+               Makefile{,.org} \
+               || die
+       # show the actual commands in the log
+       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+       # update the enginedir path
+       sed -i \
+               -e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
+               Configure || die
+
+       # allow openssl to be cross-compiled
+       cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
+       chmod a+rx gentoo.config
+
+       append-flags -fno-strict-aliasing
+       append-flags -Wa,--noexecstack
+
+       sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
+       sed -i '/^"debug-steve/d' Configure # 0.9.8k shipped broken
+       ./config --test-sanity || die "I AM NOT SANE"
+}
+
+src_configure() {
+       unset APPS #197996
+       unset SCRIPTS #312551
+
+       tc-export CC AR RANLIB
+
+       # Clean out patent-or-otherwise-encumbered code
+       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+
+       use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
+       echoit() { echo "$@" ; "$@" ; }
+
+       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+       local sslout=$(./gentoo.config)
+       einfo "Use configuration ${sslout:-(openssl knows best)}"
+       local config="Configure"
+       [[ -z ${sslout} ]] && config="config"
+       echoit \
+       ./${config} \
+               ${sslout} \
+               $(use sse2 || echo "no-sse2") \
+               enable-camellia \
+               $(use_ssl !bindist ec) \
+               enable-idea \
+               enable-mdc2 \
+               $(use_ssl !bindist rc5) \
+               enable-tlsext \
+               $(use_ssl gmp gmp -lgmp) \
+               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+               $(use_ssl zlib) \
+               --prefix=/usr \
+               --openssldir=/etc/ssl \
+               shared threads \
+               || die "Configure failed"
+
+       # Clean out hardcoded flags that openssl uses
+       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+               -e 's:^CFLAG=::' \
+               -e 's:-fomit-frame-pointer ::g' \
+               -e 's:-O[0-9] ::g' \
+               -e 's:-march=[-a-z0-9]* ::g' \
+               -e 's:-mcpu=[-a-z0-9]* ::g' \
+               -e 's:-m[a-z0-9]* ::g' \
+       )
+       sed -i \
+               -e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
+               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+               Makefile || die
+}
+
+src_compile() {
+       # depend is needed to use $confopts
+       emake -j1 depend || die "depend failed"
+       emake -j1 build_libs || die "make build_libs failed"
+}
+
+src_test() {
+       emake -j1 test || die "make test failed"
+}
+
+src_install() {
+       dolib.so lib{crypto,ssl}.so.0.9.8 || die
+}

diff --git a/dev-libs/openssl/openssl-1.0.0f-r1.ebuild b/dev-libs/openssl/openssl-1.0.0f-r1.ebuild
new file mode 100644 (file)
index 0000000..4c72857
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.0f-r1.ebuild
@@ -0,0 +1,209 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.0f-r1.ebuild,v 1.1 2012/01/11 00:12:23 vapier Exp $
+
+EAPI="4"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+REV="1.7"
+DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${P}.tar.gz
+       http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/~checkout~/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test zlib"
+
+# Have the sub-libs in RDEPEND with [static-libs] since, logically,
+# our libssl.a depends on libz.a/etc... at runtime.
+LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] )
+       zlib? ( sys-libs/zlib[static-libs(+)] )
+       kerberos? ( app-crypt/mit-krb5 )"
+RDEPEND="static-libs? ( ${LIB_DEPEND} )
+       !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="${RDEPEND}
+       sys-apps/diffutils
+       >=dev-lang/perl-5
+       test? ( sys-devel/bc )"
+PDEPEND="app-misc/ca-certificates"
+
+src_unpack() {
+       unpack ${P}.tar.gz
+       cp "${DISTDIR}"/${PN}-c_rehash.sh.${REV} "${WORKDIR}"/c_rehash || die
+}
+
+src_prepare() {
+       # Make sure we only ever touch Makefile.org and avoid patching a file
+       # that gets blown away anyways by the Configure script in src_configure
+       rm -f Makefile
+
+       epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+       epatch "${FILESDIR}"/${PN}-1.0.0d-fbsd-amd64.patch #363089
+       epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
+       epatch "${FILESDIR}"/${PN}-1.0.0e-pkg-config.patch
+       epatch "${FILESDIR}"/${PN}-1.0.0e-parallel-build.patch
+       epatch "${FILESDIR}"/${PN}-1.0.0e-x32.patch
+       epatch_user #332661
+
+       # disable fips in the build
+       # make sure the man pages are suffixed #302165
+       # don't bother building man pages if they're disabled
+       sed -i \
+               -e '/DIRS/s: fips : :g' \
+               -e '/^MANSUFFIX/s:=.*:=ssl:' \
+               -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+               -e $(has noman FEATURES \
+                       && echo '/^install:/s:install_docs::' \
+                       || echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
+               Makefile.org \
+               || die
+       # show the actual commands in the log
+       sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+       # allow openssl to be cross-compiled
+       cp "${FILESDIR}"/gentoo.config-1.0.0 gentoo.config || die
+       chmod a+rx gentoo.config
+
+       append-flags -fno-strict-aliasing
+       append-flags $(test-flags-CC -Wa,--noexecstack)
+
+       sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
+       ./config --test-sanity || die "I AM NOT SANE"
+}
+
+src_configure() {
+       unset APPS #197996
+       unset SCRIPTS #312551
+       unset CROSS_COMPILE #311473
+
+       tc-export CC AR RANLIB RC
+
+       # Clean out patent-or-otherwise-encumbered code
+       # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+       # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+       # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+       # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+       # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+
+       use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+       echoit() { echo "$@" ; "$@" ; }
+
+       local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+       local sslout=$(./gentoo.config)
+       einfo "Use configuration ${sslout:-(openssl knows best)}"
+       local config="Configure"
+       [[ -z ${sslout} ]] && config="config"
+       echoit \
+       ./${config} \
+               ${sslout} \
+               $(use sse2 || echo "no-sse2") \
+               enable-camellia \
+               $(use_ssl !bindist ec) \
+               enable-idea \
+               enable-mdc2 \
+               $(use_ssl !bindist rc5) \
+               enable-tlsext \
+               $(use_ssl gmp gmp -lgmp) \
+               $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+               $(use_ssl rfc3779) \
+               $(use_ssl zlib) \
+               --prefix=/usr \
+               --openssldir=/etc/ssl \
+               --libdir=$(get_libdir) \
+               shared threads \
+               || die
+
+       # Clean out hardcoded flags that openssl uses
+       local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+               -e 's:^CFLAG=::' \
+               -e 's:-fomit-frame-pointer ::g' \
+               -e 's:-O[0-9] ::g' \
+               -e 's:-march=[-a-z0-9]* ::g' \
+               -e 's:-mcpu=[-a-z0-9]* ::g' \
+               -e 's:-m[a-z0-9]* ::g' \
+       )
+       sed -i \
+               -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+               -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+               Makefile || die
+}
+
+src_compile() {
+       # depend is needed to use $confopts; it also doesn't matter
+       # that it's -j1 as the code itself serializes subdirs
+       emake -j1 depend || die
+       emake all || die
+       # rehash is needed to prep the certs/ dir; do this
+       # separately to avoid parallel build issues.
+       emake rehash || die
+}
+
+src_test() {
+       emake -j1 test || die
+}
+
+src_install() {
+       emake INSTALL_PREFIX="${D}" install || die
+       dobin "${WORKDIR}"/c_rehash || die #333117
+       dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+       dohtml -r doc/*
+       use rfc3779 && dodoc engines/ccgost/README.gost
+
+       # This is crappy in that the static archives are still built even
+       # when USE=static-libs.  But this is due to a failing in the openssl
+       # build system: the static archives are built as PIC all the time.
+       # Only way around this would be to manually configure+compile openssl
+       # twice; once with shared lib support enabled and once without.
+       use static-libs || rm -f "${D}"/usr/lib*/lib*.a
+
+       # create the certs directory
+       dodir /etc/ssl/certs
+       cp -RP certs/* "${D}"/etc/ssl/certs/ || die
+       rm -r "${D}"/etc/ssl/certs/{demo,expired}
+
+       # Namespace openssl programs to prevent conflicts with other man pages
+       cd "${D}"/usr/share/man
+       local m d s
+       for m in $(find . -type f | xargs grep -L '#include') ; do
+               d=${m%/*} ; d=${d#./} ; m=${m##*/}
+               [[ ${m} == openssl.1* ]] && continue
+               [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+               mv ${d}/{,ssl-}${m}
+               # fix up references to renamed man pages
+               sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+               ln -s ssl-${m} ${d}/openssl-${m}
+               # locate any symlinks that point to this man page ... we assume
+               # that any broken links are due to the above renaming
+               for s in $(find -L ${d} -type l) ; do
+                       s=${s##*/}
+                       rm -f ${d}/${s}
+                       ln -s ssl-${m} ${d}/ssl-${s}
+                       ln -s ssl-${s} ${d}/openssl-${s}
+               done
+       done
+       [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+       dodir /etc/sandbox.d #254521
+       echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl
+
+       diropts -m0700
+       keepdir /etc/ssl/private
+}
+
+pkg_preinst() {
+       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+       preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}
+
+pkg_postinst() {
+       ebegin "Running 'c_rehash ${ROOT}etc/ssl/certs/' to rebuild hashes #333069"
+       c_rehash "${ROOT}etc/ssl/certs" >/dev/null
+       eend $?
+
+       has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+       preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}