--- openssl-1.1.0f.ebuild 2017-10-11 21:44:59.835115343 -0700
+++ openssl-1.1.0f-r1.ebuild 2017-10-11 22:25:22.556417839 -0700
@@ -3,12 +3,15 @@
 EAPI=5
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal rpm
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+SRC_URI="
+ !bindist? ( mirror://openssl/source/${MY_P}.tar.gz )
+ bindist? ( https://archives.fedoraproject.org/pub/fedora/linux/development/27/Everything/source/tree/Packages/o/${P}-9.fc27.src.rpm )
+"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
@@ -38,6 +41,27 @@
 )
 src_prepare() {
+ # This does not copy the entire Fedora patchset, but JUST the parts that
+ # are needed to make it safe to use EC with RESTRICT=bindist.
+ # See openssl.spec
+ if use bindist; then
+ # Constants from openssl.spec
+ SOURCE1=hobble-openssl
+ SOURCE12=ec_curve.c
+ SOURCE13=ectest.c
+ PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+ PATCH37=openssl-1.1.0-ec-curves.patch
+ # .spec %prep
+ "${WORKDIR}"/"$SOURCE1" || die
+ cp "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+ cp "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+ epatch "${WORKDIR}"/"${PATCH1}"
+ epatch "${WORKDIR}"/"${PATCH37}"
+ # Also see the configure parts below:
+ # enable-ec \
+ # $(use_ssl !bindist ec2m) \
+
+ fi
 # keep this in sync with app-misc/c_rehash
 SSL_CNF_DIR="/etc/ssl"
@@ -132,13 +156,15 @@
 [[ -z ${sslout} ]] && config="config"
 echoit \
+ # Fedora hobbled-EC needs 'no-ec2m'.
 ./${config} \
 ${sslout} \
 --api=1.0.0 \
 $(use cpu_flags_x86_sse2 || echo "no-sse2") \
 enable-camellia \
 disable-deprecated \
- $(use_ssl !bindist ec) \
+ enable-ec \
+ $(use_ssl !bindist ec2m) \
 ${ec_nistp_64_gcc_128} \
 enable-idea \
 enable-mdc2 \
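Review bot: The `bindist?` branch of `SRC_URI` fetches the source RPM from Fedora's `development/27` tree with the release `-9.fc27` hard-coded, and that exact file can disappear from a development tree once Fedora rebuilds the package. Nothing in this hunk shows how the SRPM is authenticated. Portage would normally rely on the Manifest digests alone (the Manifest is not visible here), not on Fedora's package signature, so the digest entry is the only integrity control for code that is later executed during `src_prepare`. I would point the URI at a stable mirror and record the pin next to it, e.g. `# SRPM release -9.fc27 is pinned; regenerate the Manifest and re-audit hobble-openssl when bumping`.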
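Review bot: `"${WORKDIR}"/"$SOURCE1" || die` runs a script straight out of the unpacked SRPM, so it depends on the extraction keeping the execute bit and on the current directory being `${S}`, and `|| die` only catches a non-zero exit. If the script's removals tolerate missing paths (its body is not visible here), a run from the wrong directory would leave the EC sources unhobbled without failing, and this step is what makes the `bindist` build safe to distribute. I would make both explicit with `( cd "${S}" && sh "${WORKDIR}/${SOURCE1}" ) || die "hobble-openssl failed"` (assuming it is a POSIX sh script) and declare the constants as `local SOURCE1=hobble-openssl SOURCE12=ec_curve.c SOURCE13=ectest.c` so they do not leak into the global ebuild environment. The leading comment says `RESTRICT=bindist`, but the code tests the `bindist` USE flag; `src_prepare` continues past the end of this hunk.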
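Review bot: The added comment line sits between `echoit \` and `./${config} \`, inside a backslash-continued command, so the shell joins `echoit` with the comment and the command ends there. `echoit` then runs with no arguments and `./${config} …` starts a new, separate command, which means the configure invocation is presumably no longer echoed into the build log. That log line is what an auditor would use to confirm which EC options were actually passed. Move the comment above the command: `# Fedora hobbled-EC needs 'no-ec2m'.` on its own line, followed by `echoit \`. The option list continues past the end of this hunk.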