diff options
author | 2024-12-01 01:46:04 +0300 | |
---|---|---|
committer | 2025-01-05 20:26:24 +0000 | |
commit | 59eca6456e672aa6e0ba39ee15a2fd449c80367d (patch) | |
tree | 13153229d214cbb5bb2199621805312256d08f42 /net-libs | |
parent | kde-frameworks/kguiaddons: Add missing BDEPEND (diff) | |
download | gentoo-59eca6456e672aa6e0ba39ee15a2fd449c80367d.tar.gz gentoo-59eca6456e672aa6e0ba39ee15a2fd449c80367d.tar.bz2 gentoo-59eca6456e672aa6e0ba39ee15a2fd449c80367d.zip |
net-libs/mbedtls: slotting version 3
MbedTLS breaks API compatibility between major versions, and some
packages are unable or not willing to migrate from slowly deprecating
mbedtls-2 branches, so we are forced to keep them both for a while.
Upstream PR: https://github.com/Mbed-TLS/mbedtls/pull/8800
[sam: Note that: a) upstream are fine with us doing this (per the
upstream PR), and b) consumers (almost?) always use CMake config files
so they automatically pick up the slotting.]
Bug: https://bugs.gentoo.org/805011
Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-libs')
5 files changed, 386 insertions, 0 deletions
diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch new file mode 100644 index 000000000000..3aeea6060da7 --- /dev/null +++ b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch @@ -0,0 +1,79 @@ +https://github.com/Mbed-TLS/mbedtls/pull/9876 +From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com> +Date: Sun, 1 Dec 2024 00:49:15 +0300 +Subject: Add version suffix for all installable targets + +Convert main library targets to slottable versions. This allows to +install major versions of MbedTLS simultaneously. + +Dependent packages should use `find_package(MbedTLS 3 [REQUIRED])` and +`MbedTLS::<component>` in order to use requested libraries. +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -478,7 +478,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + install( + FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" + "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake" +- DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS") ++ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}") + + export( + EXPORT MbedTLSTargets +@@ -488,7 +488,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + install( + EXPORT MbedTLSTargets + NAMESPACE MbedTLS:: +- DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS" ++ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}" + FILE "MbedTLSTargets.cmake") + + if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15) +--- a/library/CMakeLists.txt ++++ b/library/CMakeLists.txt +@@ -277,7 +277,7 @@ set(everest_target "${MBEDTLS_TARGET_PREFIX}everest") + + if(USE_STATIC_MBEDTLS_LIBRARY) + add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) +- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) ++ set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) + + if(TARGET ${everest_target}) +@@ -289,11 +289,11 @@ if(USE_STATIC_MBEDTLS_LIBRARY) + endif() + + add_library(${mbedx509_static_target} STATIC ${src_x509}) +- set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) ++ set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) + + add_library(${mbedtls_static_target} STATIC ${src_tls}) +- set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) ++ set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) + endif(USE_STATIC_MBEDTLS_LIBRARY) + +@@ -301,6 +301,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) + set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) + add_library(${mbedcrypto_target} SHARED ${src_crypto}) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.2 SOVERSION 16) ++ set_target_properties(${mbedcrypto_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) + + if(TARGET ${everest_target}) +@@ -313,10 +314,12 @@ if(USE_SHARED_MBEDTLS_LIBRARY) + + add_library(${mbedx509_target} SHARED ${src_x509}) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.2 SOVERSION 7) ++ set_target_properties(${mbedx509_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) + + add_library(${mbedtls_target} SHARED ${src_tls}) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.2 SOVERSION 21) ++ set_target_properties(${mbedtls_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR}) + target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) + endif(USE_SHARED_MBEDTLS_LIBRARY) + +-- +2.45.2 + diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch new file mode 100644 index 000000000000..4e3858b327cd --- /dev/null +++ b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch @@ -0,0 +1,71 @@ +https://github.com/Mbed-TLS/mbedtls/pull/9876 +From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com> +Date: Sun, 1 Dec 2024 00:54:10 +0300 +Subject: Add version suffix for pkg-config files + +Convert main library targets to slottable versions. This allows to +install major versions of MbedTLS simultaneously. + +Dependent packages should use +`pkg-config --libs --cflags (mbedtls3|mbedx5093|mbedx5093)` in order to use +requested libraries. +--- a/pkgconfig/CMakeLists.txt ++++ b/pkgconfig/CMakeLists.txt +@@ -8,18 +8,18 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.") + set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/") + +- configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY) ++ configure_file(mbedcrypto.pc.in mbedcrypto${PROJECT_VERSION_MAJOR}.pc @ONLY) + install(FILES +- ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc ++ ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto${PROJECT_VERSION_MAJOR}.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + +- configure_file(mbedtls.pc.in mbedtls.pc @ONLY) ++ configure_file(mbedtls.pc.in mbedtls${PROJECT_VERSION_MAJOR}.pc @ONLY) + install(FILES +- ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc ++ ${CMAKE_CURRENT_BINARY_DIR}/mbedtls${PROJECT_VERSION_MAJOR}.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + +- configure_file(mbedx509.pc.in mbedx509.pc @ONLY) ++ configure_file(mbedx509.pc.in mbedx509${PROJECT_VERSION_MAJOR}.pc @ONLY) + install(FILES +- ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc ++ ${CMAKE_CURRENT_BINARY_DIR}/mbedx509${PROJECT_VERSION_MAJOR}.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + endif() +--- a/pkgconfig/mbedcrypto.pc.in ++++ b/pkgconfig/mbedcrypto.pc.in +@@ -7,4 +7,4 @@ Description: @PKGCONFIG_PROJECT_DESCRIPTION@ + URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ + Version: @PROJECT_VERSION@ + Cflags: -I"${includedir}" +-Libs: -L"${libdir}" -lmbedcrypto ++Libs: -L"${libdir}" -lmbedcrypto@PROJECT_VERSION_MAJOR@ +--- a/pkgconfig/mbedtls.pc.in ++++ b/pkgconfig/mbedtls.pc.in +@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@ + Description: @PKGCONFIG_PROJECT_DESCRIPTION@ + URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ + Version: @PROJECT_VERSION@ +-Requires.private: mbedcrypto mbedx509 ++Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@ mbedx509@PROJECT_VERSION_MAJOR@ + Cflags: -I"${includedir}" +-Libs: -L"${libdir}" -lmbedtls ++Libs: -L"${libdir}" -lmbedtls@PROJECT_VERSION_MAJOR@ +--- a/pkgconfig/mbedx509.pc.in ++++ b/pkgconfig/mbedx509.pc.in +@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@ + Description: @PKGCONFIG_PROJECT_DESCRIPTION@ + URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ + Version: @PROJECT_VERSION@ +-Requires.private: mbedcrypto ++Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@ + Cflags: -I"${includedir}" +-Libs: -L"${libdir}" -lmbedx509 ++Libs: -L"${libdir}" -lmbedx509@PROJECT_VERSION_MAJOR@ +-- +2.45.2 + diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch new file mode 100644 index 000000000000..2b3ae9fb6999 --- /dev/null +++ b/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch @@ -0,0 +1,105 @@ +https://github.com/Mbed-TLS/mbedtls/pull/9876 +From 6a0c205d86a96772b82c4d7e7dfce5ea362c7870 Mon Sep 17 00:00:00 2001 +From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com> +Date: Sat, 30 Nov 2024 02:17:17 +0300 +Subject: Allow install headers to different location + +Use standard `CMAKE_INSTALL_INCLUDEDIR` and `CMAKE_INSTALL_LIBDIR` +location to define headers and library installation. This variable can be +redefined on configuration phase to allow install headers and libraries to +different location (like `include/mbedtls3`, #8723). + +Additionally removing explicit permission rules as they may broke proper +permissions for system installation (like remove executable bit from +libraries). By default CMake sets permissions correctly on all files and +directories. + +See #8723 for rationale. +--- a/3rdparty/everest/CMakeLists.txt ++++ b/3rdparty/everest/CMakeLists.txt +@@ -27,16 +27,16 @@ if(MBEDTLS_USER_CONFIG_FILE) + endif() + + if(INSTALL_MBEDTLS_HEADERS) +- + install(DIRECTORY include/everest +- DESTINATION include +- FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ +- DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ++ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + FILES_MATCHING PATTERN "*.h") + + endif(INSTALL_MBEDTLS_HEADERS) + + install(TARGETS ${everest_target} + EXPORT MbedTLSTargets +- DESTINATION ${CMAKE_INSTALL_LIBDIR} +- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) ++ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ++ INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} ++) +--- a/3rdparty/p256-m/CMakeLists.txt ++++ b/3rdparty/p256-m/CMakeLists.txt +@@ -25,16 +25,16 @@ if(MBEDTLS_USER_CONFIG_FILE) + endif() + + if(INSTALL_MBEDTLS_HEADERS) +- +- install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR} +- DESTINATION include +- FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ +- DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE ++ install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} ++ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + FILES_MATCHING PATTERN "*.h") + + endif(INSTALL_MBEDTLS_HEADERS) + + install(TARGETS ${p256m_target} +-EXPORT MbedTLSTargets +-DESTINATION ${CMAKE_INSTALL_LIBDIR} +-PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) ++ EXPORT MbedTLSTargets ++ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} ++ RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ++ INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} ++) +--- a/include/CMakeLists.txt ++++ b/include/CMakeLists.txt +@@ -1,16 +1,15 @@ + option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON) + + if(INSTALL_MBEDTLS_HEADERS) +- + file(GLOB headers "mbedtls/*.h") + file(GLOB psa_headers "psa/*.h") + + install(FILES ${headers} +- DESTINATION include/mbedtls ++ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + + install(FILES ${psa_headers} +- DESTINATION include/psa ++ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/psa + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + + endif(INSTALL_MBEDTLS_HEADERS) +--- a/library/CMakeLists.txt ++++ b/library/CMakeLists.txt +@@ -348,7 +348,8 @@ foreach(target IN LISTS target_libraries) + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} +- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) ++ INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} ++ ) + endforeach(target) + + set(lib_target "${MBEDTLS_TARGET_PREFIX}lib") +-- +2.45.2 + diff --git a/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch b/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch new file mode 100644 index 000000000000..1df749854419 --- /dev/null +++ b/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch @@ -0,0 +1,22 @@ +https://github.com/Mbed-TLS/mbedtls/pull/8284#issuecomment-2030088495 +From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com> +Date: Sun, 1 Dec 2024 20:56:50 +0300 +Subject: Exclude 3rd party code from building + +Third party code is required only for limited features that not enabled by default. + +See: https://github.com/Mbed-TLS/mbedtls/pull/8284#issuecomment-2030088495 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -325,8 +325,6 @@ add_subdirectory(framework) + + add_subdirectory(include) + +-add_subdirectory(3rdparty) +- + add_subdirectory(library) + + add_subdirectory(pkgconfig) +-- +2.45.2 + diff --git a/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild b/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild new file mode 100644 index 000000000000..1b2705f0524e --- /dev/null +++ b/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild @@ -0,0 +1,109 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) + +inherit cmake flag-o-matic multilib-minimal python-any-r1 + +DESCRIPTION="Cryptographic library for embedded systems" +HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/" +SRC_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/${P}/${P}.tar.bz2" + +LICENSE="|| ( Apache-2.0 GPL-2+ )" +SLOT="3/16.21.7" # ffmpeg subslot naming: SONAME tuple of {libmbedcrypto.so,libmbedtls.so,libmbedx509.so} +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="cpu_flags_x86_sse2 doc programs static-libs test threads" +RESTRICT="!test? ( test )" + +RDEPEND="!>net-libs/mbedtls-3:0" +BDEPEND=" + ${PYTHON_DEPS} + doc? ( + app-text/doxygen + media-gfx/graphviz + ) + test? ( dev-lang/perl ) +" + +PATCHES=( + "${FILESDIR}/mbedtls-3.6.2-allow-install-headers-to-different-location.patch" + "${FILESDIR}/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch" + "${FILESDIR}/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch" + "${FILESDIR}/mbedtls-3.6.2-exclude-static-3dparty.patch" +) + +enable_mbedtls_option() { + local myopt="$@" + # check that config.h syntax is the same at version bump + sed -i \ + -e "s://#define ${myopt}:#define ${myopt}:" \ + include/mbedtls/mbedtls_config.h || die +} + +src_prepare() { + use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2 + use threads && enable_mbedtls_option MBEDTLS_THREADING_C + use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD + + cmake_src_prepare +} + +src_configure() { + # Workaround for https://github.com/Mbed-TLS/mbedtls/issues/9814 (bug #946544) + append-flags $(test-flags-CC -fzero-init-padding-bits=unions) + multilib-minimal_src_configure +} + +multilib_src_configure() { + local mycmakeargs=( + -DENABLE_PROGRAMS=$(multilib_native_usex programs) + -DENABLE_TESTING=$(usex test) + -DINSTALL_MBEDTLS_HEADERS=ON + -DCMAKE_INSTALL_INCLUDEDIR="include/mbedtls3" + -DLINK_WITH_PTHREAD=$(usex threads) + -DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946 + -DUSE_SHARED_MBEDTLS_LIBRARY=ON + -DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs) + ) + + cmake_src_configure +} + +multilib_src_compile() { + cmake_src_compile + use doc && multilib_is_native_abi && emake -C "${S}" apidoc +} + +multilib_src_test() { + # Disable parallel run, bug #718390 + # https://github.com/Mbed-TLS/mbedtls/issues/4980 + LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \ + cmake_src_test -j1 +} + +multilib_src_install() { + cmake_src_install +} + +multilib_src_install_all() { + use doc && HTML_DOCS=( apidoc ) + + einstalldocs + + if use programs ; then + # avoid file collisions with sys-apps/coreutils + local p e + for p in "${ED}"/usr/bin/* ; do + if [[ -x "${p}" && ! -d "${p}" ]] ; then + mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || die + fi + done + for e in aes hash pkey ssl test ; do + docinto "${e}" + dodoc programs/"${e}"/*.c + dodoc programs/"${e}"/*.txt + done + fi +} |