[gentoo-commits] repo/gentoo:master commit in: profiles/base/, net-libs/gnutls/

[gentoo-commits] repo/gentoo:master commit in: profiles/base/, net-libs/gnutls/

[Sam James]

commit:     b05770f31c02eeba93143907ed1592e49636af4f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 10 22:02:32 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 10 22:06:07 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b05770f3

net-libs/gnutls: add 3.7.8

Bug: https://bugs.gentoo.org/873211
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/gnutls/Manifest            |   2 +
 net-libs/gnutls/gnutls-3.7.8.ebuild | 144 ++++++++++++++++++++++++++++++++++++
 profiles/base/package.use.mask      |   6 ++
 3 files changed, 152 insertions(+)

diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index f468c56dbed9..20aefd7eca78 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -2,3 +2,5 @@ DIST gnutls-3.7.6.tar.xz 6338276 BLAKE2B 9f3cce8dfc0b88f2c42d1d2633417dac649a265
 DIST gnutls-3.7.6.tar.xz.sig 685 BLAKE2B eae022d6cb0d772e465257411381afd97f3dfd19d6f794a1c3e0f8c3c1232a8a1b91269ca7252a5662782183b11ca393c31efe3f88171a526884400fd0534528 SHA512 c969da9a938b9d29a70cea3b00cce337f9a4c4304aae7f501ef6263894f81a420395ddbe1b005f35dff2e900d3fac75e288f10bbfde0ebea034f7e257bb16d0e
 DIST gnutls-3.7.7.tar.xz 6351664 BLAKE2B a66037ecc6da660ff12949f50012840263c2e0b174079e41b62a2d884f060cee56f0c64a2815d07321a54b08cce016d2b4c8f0e059636c1ab5f7db9c8d64c7c6 SHA512 ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08
 DIST gnutls-3.7.7.tar.xz.sig 685 BLAKE2B 53d76a06ed5a74664d6c193459eb310f06e87dd3db97aca9e9fa78837677df58d8de66f187c182b9375786ee0308c5da55f08414183c959c7acb4527c38cd7c7 SHA512 6463bc4661e20051ff9f31c1a557cece34d06b748f4e24f98e807ddc72a3daa9348aa9f0afa83a0f9cd226421c575210eec1936fbeb9a55849e2c397ace9d03d
+DIST gnutls-3.7.8.tar.xz 6029220 BLAKE2B 0a21e63c7cb0ba4eeff23593c7282e0b4d704fa2d2a1cd5289998fd04b58ea36fc343f872225ad05478e278b1cdebbcd0fd376459abcb58547f8fa1488485530 SHA512 4199bcf7c9e3aab2f52266aadceefc563dfe2d938d0ea1f3ec3be95d66f4a8c8e5494d3a800c03dd02ad386dec1738bd63e1fe0d8b394a2ccfc7d6c6a0cc9359
+DIST gnutls-3.7.8.tar.xz.sig 1250 BLAKE2B 66c6a335c3b2290a4e44ffa6ae715ad71d2bcd7df485c1d2d9490985d9dcd445768d6eb021ad3a61614431183c6652254c63ebd8abd0f0a03d3164a6193b6192 SHA512 cecf9843e8683a278d065b663dc98ac2b5fcad1905ee25333038c93c2289b518c974629367e77e66552ac1c9d122d551616edba35cb0c4204202ec676f1a2db7

diff --git a/net-libs/gnutls/gnutls-3.7.8.ebuild b/net-libs/gnutls/gnutls-3.7.8.ebuild
new file mode 100644
index 000000000000..2257a4122b73
--- /dev/null
+++ b/net-libs/gnutls/gnutls-3.7.8.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnutls.asc
+inherit libtool multilib-minimal verify-sig
+
+DESCRIPTION="A secure communications library implementing the SSL, TLS and DTLS protocols"
+HOMEPAGE="https://www.gnutls.org/"
+SRC_URI="mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnutls/v$(ver_cut 1-2)/${P}.tar.xz.sig )"
+
+LICENSE="GPL-3 LGPL-2.1+"
+SLOT="0/30.30" # <libgnutls.so number>.<libgnutlsxx.so number>
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="brotli +cxx dane doc examples guile +idn nls +openssl pkcs11 seccomp sslv2 sslv3 static-libs test test-full +tls-heartbeat tools valgrind zlib zstd"
+
+REQUIRED_USE="test-full? ( cxx dane doc examples guile idn nls openssl pkcs11 seccomp tls-heartbeat tools )"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=dev-libs/libtasn1-4.9:=[${MULTILIB_USEDEP}]
+	dev-libs/libunistring:=[${MULTILIB_USEDEP}]
+	>=dev-libs/nettle-3.6:=[gmp,${MULTILIB_USEDEP}]
+	>=dev-libs/gmp-5.1.3-r1:=[${MULTILIB_USEDEP}]
+	brotli? ( >=app-arch/brotli-1.0.0:=[${MULTILIB_USEDEP}] )
+	dane? ( >=net-dns/unbound-1.4.20:=[${MULTILIB_USEDEP}] )
+	guile? ( >=dev-scheme/guile-2:=[networking] )
+	nls? ( >=virtual/libintl-0-r1:=[${MULTILIB_USEDEP}] )
+	pkcs11? ( >=app-crypt/p11-kit-0.23.1[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-0.16-r1:=[${MULTILIB_USEDEP}] )
+	zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )
+	zstd? ( >=app-arch/zstd-1.3.0:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	test? (
+		seccomp? ( sys-libs/libseccomp )
+	)"
+BDEPEND="
+	dev-util/gtk-doc-am
+	>=virtual/pkgconfig-0-r1
+	doc? ( dev-util/gtk-doc )
+	nls? ( sys-devel/gettext )
+	valgrind? ( dev-util/valgrind )
+	test-full? (
+		app-crypt/dieharder
+		>=app-misc/datefudge-1.22
+		dev-libs/softhsm:2[-bindist(-)]
+		net-dialup/ppp
+		net-misc/socat
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20220320 )"
+
+DOCS=( README.md doc/certtool.cfg )
+
+HTML_DOCS=()
+
+pkg_setup() {
+	# bug #520818
+	export TZ=UTC
+
+	use doc && HTML_DOCS+=(
+		doc/gnutls.html
+	)
+}
+
+src_prepare() {
+	default
+
+	# don't try to use system certificate store on macOS, it is
+	# confusingly ignoring our ca-certificates and more importantly
+	# fails to compile in certain configurations
+	sed -i -e 's/__APPLE__/__NO_APPLE__/' lib/system/certs.c || die
+
+	# Use sane .so versioning on FreeBSD.
+	elibtoolize
+}
+
+multilib_src_configure() {
+	LINGUAS="${LINGUAS//en/en@boldquot en@quot}"
+
+	local libconf=()
+
+	# TPM needs to be tested before being enabled
+	# Note that this may add a libltdl dep when enabled. Check configure.ac.
+	libconf+=(
+		--without-tpm
+		--without-tpm2
+	)
+
+	# hardware-accel is disabled on OSX because the asm files force
+	#   GNU-stack (as doesn't support that) and when that's removed ld
+	#   complains about duplicate symbols
+	[[ ${CHOST} == *-darwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	# Cygwin as does not understand these asm files at all
+	[[ ${CHOST} == *-cygwin* ]] && libconf+=( --disable-hardware-acceleration )
+
+	# -fanalyzer substantially slows down the build and isn't useful for
+	# us. It's useful for upstream as it's static analysis, but it's not
+	# useful when just getting something built.
+	export gl_cv_warn_c__fanalyzer=no
+
+	local myeconfargs=(
+		$(multilib_native_enable manpages)
+		$(multilib_native_use_enable doc gtk-doc)
+		$(multilib_native_use_enable doc)
+		$(multilib_native_use_enable guile)
+		$(multilib_native_use_enable seccomp seccomp-tests)
+		$(multilib_native_use_enable test tests)
+		$(multilib_native_use_enable test-full full-test-suite)
+		$(multilib_native_use_enable tools)
+		$(multilib_native_use_enable valgrind valgrind-tests)
+		$(use_enable cxx)
+		$(use_enable dane libdane)
+		$(use_enable nls)
+		$(use_enable openssl openssl-compatibility)
+		$(use_enable sslv2 ssl2-support)
+		$(use_enable sslv3 ssl3-support)
+		$(use_enable static-libs static)
+		$(use_enable tls-heartbeat heartbeat-support)
+		$(use_with brotli)
+		$(use_with idn)
+		$(use_with pkcs11 p11-kit)
+		$(use_with zlib)
+		$(use_with zstd)
+		--disable-rpath
+		--with-default-trust-store-file="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+		--with-unbound-root-key-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
+		--without-included-libtasn1
+		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+	)
+
+	ECONF_SOURCE="${S}" econf "${libconf[@]}" "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	if use examples; then
+		docinto examples
+		dodoc doc/examples/*.c
+	fi
+}

diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
index dca32ba381a0..4236d64c0e81 100644
--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -6,6 +6,12 @@
 # This file is only for generic masks. For arch-specific masks (i.e.
 # mask everywhere, unmask on arch/*) use arch/base.
 
+# Sam James <sam@gentoo.org> (2022-10-10)
+# These releases *are* signed by the needed people, but have an additional
+# signature not present in the official release keychain, so verify-sig.eclass
+# fails: bug #873211.
+~net-libs/gnutls-3.7.8 verify-sig
+
 # Sam Jame <sam@gentoo.org> (2022-10-08)
 # Older versions of libvirt need a vulnerable version of wireshark
 <app-emulation/libvirt-8.0.0 wireshark-plugins

[gentoo-commits] repo/gentoo:master commit in: profiles/base/, net-libs/gnutls/

[Sam James]

commit:     54129afda5119acd43615ca57d6c004f35aa13df
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 16 23:59:14 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 17 00:57:48 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54129afd

net-libs/gnutls: unmask verify-sig for 3.7.8; tighten sig dep

Bug: https://gitlab.com/gnutls/gnutls/-/issues/1407
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/gnutls/gnutls-3.7.8.ebuild | 2 +-
 profiles/base/package.use.mask      | 6 ------
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/net-libs/gnutls/gnutls-3.7.8.ebuild b/net-libs/gnutls/gnutls-3.7.8.ebuild
index 2257a4122b73..3995f16eedc5 100644
--- a/net-libs/gnutls/gnutls-3.7.8.ebuild
+++ b/net-libs/gnutls/gnutls-3.7.8.ebuild
@@ -48,7 +48,7 @@ BDEPEND="
 		net-dialup/ppp
 		net-misc/socat
 	)
-	verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20220320 )"
+	verify-sig? ( >=sec-keys/openpgp-keys-gnutls-20221017 )"
 
 DOCS=( README.md doc/certtool.cfg )
 

diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
index 5e41111cc90b..5dd77f442ac0 100644
--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -6,12 +6,6 @@
 # This file is only for generic masks. For arch-specific masks (i.e.
 # mask everywhere, unmask on arch/*) use arch/base.
 
-# Sam James <sam@gentoo.org> (2022-10-10)
-# These releases *are* signed by the needed people, but have an additional
-# signature not present in the official release keychain, so verify-sig.eclass
-# fails: bug #873211.
-~net-libs/gnutls-3.7.8 verify-sig
-
 # Sam James <sam@gentoo.org> (2022-10-08)
 # Older versions of libvirt need a vulnerable version of wireshark
 <app-emulation/libvirt-8.0.0 wireshark-plugins