From 604d5b3e0de296fc6fa6f05007b196f9860974e6 Mon Sep 17 00:00:00 2001 From: Thomas Deutschmann Date: Thu, 22 Aug 2019 00:23:36 +0200 Subject: [PATCH] dev-libs/openssl: fix USE=bindist Patches from upstream are out-of-date and don't apply against openssl-1.1.1c. Instead of patching a patch it's easier to maintain our own patch set. Closes: https://bugs.gentoo.org/692678 Package-Manager: Portage-2.3.72, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann --- dev-libs/openssl/Manifest | 4 +- dev-libs/openssl/openssl-1.1.1c.ebuild | 62 +++++++++++--------------- 2 files changed, 28 insertions(+), 38 deletions(-) diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index ae40847f77dc..321134adc244 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -22,7 +22,5 @@ DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfff DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415 DIST openssl-1.1.1b_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef DIST openssl-1.1.1b_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 +DIST openssl-1.1.1c-bindist-1.0.tar.xz 11964 BLAKE2B 8c5190846d13984589a150089d329bb3ecc613788b9462c6f6a1833a040e21cb9bf940140449f09fd797c0e396b0aea073237be374bd16097795b8974c3e7ce5 SHA512 249c6d8c455130b98e3be635f12f323e0cc349f1770648bad591e5de15483917185a473c162ed871a2fa05b47056931e6f12e5fdd9cecee7e6d1c246b862923b DIST openssl-1.1.1c.tar.gz 8864262 BLAKE2B bd157b244bedcefb8e646a743732945119b267236789ac69c38856570318aca09299bdaaea3f20294863b633e6fd4dfe124820597185b3b7461cfdf094daadb0 SHA512 8e2c5cc11c120efbb7d7850980cb6eaa782d29b4996b3f3378d37613c1679f852d7cc08a90d62e78fcec3439f06bdbee70064579a8c2adaffd91532a97f646ff -DIST openssl-1.1.1c_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415 -DIST openssl-1.1.1c_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef -DIST openssl-1.1.1c_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826 diff --git a/dev-libs/openssl/openssl-1.1.1c.ebuild b/dev-libs/openssl/openssl-1.1.1c.ebuild index b189b395c98a..1071017accec 100644 --- a/dev-libs/openssl/openssl-1.1.1c.ebuild +++ b/dev-libs/openssl/openssl-1.1.1c.ebuild @@ -6,6 +6,16 @@ EAPI=7 inherit flag-o-matic toolchain-funcs multilib multilib-minimal MY_P=${P/_/-} + +# This patch set is based on the following files from Fedora 31, +# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec +# for more details: +# - hobble-openssl (SOURCE1) +# - ec_curve.c (SOURCE12) +# - ectest.c (SOURCE13) +# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED +BINDIST_PATCH_SET="openssl-1.1.1c-bindist-1.0.tar.xz" + DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="https://www.openssl.org/" SRC_URI="mirror://openssl/source/${MY_P}.tar.gz" @@ -33,25 +43,7 @@ PATCHES=( "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 ) -# This does not copy the entire Fedora patchset, but JUST the parts that -# are needed to make it safe to use EC with RESTRICT=bindist. -# See openssl.spec for the matching numbering of SourceNNN, PatchNNN -SOURCE1=hobble-openssl -SOURCE12=ec_curve.c -SOURCE13=ectest.c -PATCH37=openssl-1.1.1-ec-curves.patch -FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/' -FEDORA_GIT_BRANCH='f29' -FEDORA_SRC_URI=() -FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} ) -FEDORA_PATCH=( ${PATCH37} ) -for i in "${FEDORA_SOURCE[@]}" ; do - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" ) -done -for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix - FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" ) -done -SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )" +SRC_URI+=" bindist? ( https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET} )" S="${WORKDIR}/${MY_P}" @@ -61,27 +53,27 @@ MULTILIB_WRAPPED_HEADERS=( src_prepare() { if use bindist; then - # This just removes the prefix, and puts it into WORKDIR like the RPM. - for i in "${FEDORA_SOURCE[@]}" ; do - cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die + mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die + bash "${WORKDIR}"/hobble-openssl || die + + cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die + cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die + + eapply "${WORKDIR}"/bindist-patches/ec-curves.patch + + local known_failing_test + for known_failing_test in \ + 30-test_evp_extra.t \ + 80-test_ssl_new.t \ + ; do + ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist" + rm test/recipes/${known_failing_test} || die + eend $? done - # .spec %prep - bash "${WORKDIR}"/"${SOURCE1}" || die - cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die - cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die - for i in "${FEDORA_PATCH[@]}" ; do - if [[ "${i}" == "${PATCH37}" ]] ; then - # apply our own for OpenSSL 1.1.1b adjusted version of this patch - eapply "${FILESDIR}"/openssl-1.1.1b-ec-curves-patch.patch - else - eapply "${DISTDIR}"/"${i}" - fi - done # Also see the configure parts below: # enable-ec \ # $(use_ssl !bindist ec2m) \ - fi # keep this in sync with app-misc/c_rehash -- 2.26.2