From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7F948138359 for ; Tue, 4 Aug 2020 23:13:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 59D12E091D; Tue, 4 Aug 2020 23:13:34 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 36FD4E091D for ; Tue, 4 Aug 2020 23:13:34 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 9B78034F0CC for ; Tue, 4 Aug 2020 23:13:32 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 2B0B3304 for ; Tue, 4 Aug 2020 23:13:31 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1596582802.5e560782ad7d5b084ed18d92c9f29741f1127460.blueness@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/curl/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-misc/curl/curl-7.71.1-r1.ebuild X-VCS-Directories: net-misc/curl/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 5e560782ad7d5b084ed18d92c9f29741f1127460 X-VCS-Branch: master Date: Tue, 4 Aug 2020 23:13:31 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 1dff715b-5c33-44a0-9a2f-ab03e877e4b4 X-Archives-Hash: 005c3b00a675e134bd5e68b940bbf157 commit: 5e560782ad7d5b084ed18d92c9f29741f1127460 Author: Tom Gillespie gmail com> AuthorDate: Sat Jul 4 23:04:48 2020 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Tue Aug 4 23:13:22 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e560782 net-misc/curl: enable multiple ssl implementations This commit makes it possible to enable multiple ssl backends for curl by setting any of the gnutls, libressl/openssl, mbedtls, nss, and winssl use flags. The behavior of CURL_SSL is slighly modified so that it sets the default ssl backend that curl uses rather than the only backend that it uses. This allows it to continue to be used on other ebuilds without users having to make any changes to their current use flag configuration. Signed-off-by: Tom Gillespie gmail.com> Signed-off-by: Anthony G. Basile gentoo.org> net-misc/curl/curl-7.71.1-r1.ebuild | 58 ++++++++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 14 deletions(-) diff --git a/net-misc/curl/curl-7.71.1-r1.ebuild b/net-misc/curl/curl-7.71.1-r1.ebuild index cfcba68debd..2466e3efbd2 100644 --- a/net-misc/curl/curl-7.71.1-r1.ebuild +++ b/net-misc/curl/curl-7.71.1-r1.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://curl.haxx.se/download/${P}.tar.xz" LICENSE="curl" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns alt-svc brotli +ftp gopher http2 idn +imap ipv6 kerberos ldap metalink +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads" +IUSE="adns alt-svc brotli +ftp gnutls gopher http2 idn +imap ipv6 kerberos ldap libressl mbedtls metalink nss +openssl +pop3 +progress-meter rtmp samba +smtp ssh ssl static-libs test telnet +tftp threads winssl" IUSE+=" curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" IUSE+=" nghttp3 quiche" IUSE+=" elibc_Winnt" @@ -23,22 +23,22 @@ RESTRICT="test" RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] ) ssl? ( - curl_ssl_gnutls? ( + gnutls? ( net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] dev-libs/nettle:0=[${MULTILIB_USEDEP}] app-misc/ca-certificates ) - curl_ssl_libressl? ( + libressl? ( dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] ) - curl_ssl_mbedtls? ( + mbedtls? ( net-libs/mbedtls:0=[${MULTILIB_USEDEP}] app-misc/ca-certificates ) - curl_ssl_openssl? ( + openssl? ( dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] ) - curl_ssl_nss? ( + nss? ( dev-libs/nss:0[${MULTILIB_USEDEP}] app-misc/ca-certificates ) @@ -75,11 +75,13 @@ BDEPEND="virtual/pkgconfig )" # c-ares must be disabled for threads -# only one ssl provider can be enabled +# only one of libressl or openssl can be enabled +# only one default ssl provider can be enabled REQUIRED_USE=" - curl_ssl_winssl? ( elibc_Winnt ) + winssl? ( elibc_Winnt ) threads? ( !adns ) ssl? ( + libressl? ( !openssl ) ^^ ( curl_ssl_gnutls curl_ssl_libressl @@ -119,30 +121,58 @@ multilib_src_configure() { # So start with all ssl providers off until proven otherwise # TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/) local myconf=() + myconf+=( --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + #myconf+=( --without-default-ssl-backend ) if use ssl ; then - if use curl_ssl_gnutls; then + if use gnutls || use curl_ssl_gnutls; then einfo "SSL provided by gnutls" myconf+=( --with-gnutls --with-nettle ) - elif use curl_ssl_libressl; then + fi + if use libressl || use curl_ssl_libressl; then einfo "SSL provided by LibreSSL" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_mbedtls; then + fi + if use mbedtls || use curl_ssl_mbedtls; then einfo "SSL provided by mbedtls" myconf+=( --with-mbedtls ) - elif use curl_ssl_nss; then + fi + if use nss || use curl_ssl_nss; then einfo "SSL provided by nss" myconf+=( --with-nss ) - elif use curl_ssl_openssl; then + fi + if use openssl || use curl_ssl_openssl; then einfo "SSL provided by openssl" myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) - elif use curl_ssl_winssl; then + fi + if use winssl || use curl_ssl_winssl; then einfo "SSL provided by Windows" myconf+=( --with-winssl ) + fi + + if use curl_ssl_gnutls; then + einfo "Default SSL provided by gnutls" + myconf+=( --with-default-ssl-backend=gnutls ) + elif use curl_ssl_libressl; then + einfo "Default SSL provided by LibreSSL" + myconf+=( --with-default-ssl-backend=openssl ) # NOTE THE HACK HERE + elif use curl_ssl_mbedtls; then + einfo "Default SSL provided by mbedtls" + myconf+=( --with-default-ssl-backend=mbedtls ) + elif use curl_ssl_nss; then + einfo "Default SSL provided by nss" + myconf+=( --with-default-ssl-backend=nss ) + elif use curl_ssl_openssl; then + einfo "Default SSL provided by openssl" + myconf+=( --with-default-ssl-backend=openssl ) + elif use curl_ssl_winssl; then + einfo "Default SSL provided by Windows" + myconf+=( --with-default-ssl-backend=winssl ) else eerror "We can't be here because of REQUIRED_USE." fi + else einfo "SSL disabled" fi