From: "Mike Gilbert"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert"
Message-ID: <1678553461.76f8af3f0ac6bd939ca6c837d0bba99098ac6ce0.floppym@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-libs/openssl/openssl-3.0.8-r1.ebuild dev-libs/openssl/openssl-3.0.8.ebuild
X-VCS-Directories: dev-libs/openssl/
X-VCS-Committer: floppym
X-VCS-Committer-Name: Mike Gilbert
X-VCS-Revision: 76f8af3f0ac6bd939ca6c837d0bba99098ac6ce0
X-VCS-Branch: master
Date: Sat, 11 Mar 2023 16:51:04 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: fbe7e81a-7faf-41f0-841a-68d48c13a453
X-Archives-Hash: 4eac064445f45eee650c2699dfbcab3e

commit:     76f8af3f0ac6bd939ca6c837d0bba99098ac6ce0
Author:     Mike Gilbert gentoo org>
AuthorDate: Sat Mar 11 05:50:36 2023 +0000
Commit:     Mike Gilbert gentoo org>
CommitDate: Sat Mar 11 16:51:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76f8af3f

dev-libs/openssl: generate fipsmodule.cnf in pkg_preinst

This file contains a hash of the fips.so module, which may change after
src_install due to automatic stripping by the package manager.

README-FIPS.md says this file should be generated on each machine
separately anyway.

This will fail when cross-compiling since we call openssl from ${D}, but
I don't see a better way to handle it.

Only the primary ABI is handled currently: by the time we get to
pkg_preinst, the tools from the secondary ABIs have been clobbered.

Closes: https://bugs.gentoo.org/900625
Signed-off-by: Mike Gilbert gentoo.org>

 .../{openssl-3.0.8.ebuild => openssl-3.0.8-r1.ebuild} | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/dev-libs/openssl/openssl-3.0.8.ebuild b/dev-libs/openssl/openssl-3.0.8-r1.ebuild similarity index 95% rename from dev-libs/openssl/openssl-3.0.8.ebuild rename to dev-libs/openssl/openssl-3.0.8-r1.ebuild index a5c46e57fff2..d809d357d0fb 100644 --- a/dev-libs/openssl/openssl-3.0.8.ebuild +++ b/dev-libs/openssl/openssl-3.0.8-r1.ebuild @@ -222,6 +222,8 @@ multilib_src_install() { emake DESTDIR="${D}" install_sw if use fips; then emake DESTDIR="${D}" install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die fi if multilib_is_native_abi; then @@ -257,6 +259,17 @@ multilib_src_install_all() { keepdir ${SSL_CNF_DIR}/private } +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi +} + pkg_postinst() { ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
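
Review bot: In the multilib_src_install() hunk, the comment above `rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die` gives only the bug number, so a reader of the ebuild cannot tell why a file that `install_fips` just wrote is deleted again. Consider stating the reason from the commit message in the comment itself: the file records a hash of fips.so, and that hash goes stale once the package manager strips the module after src_install. It would also help to note there that, with the file gone from the image, the installed configuration depends entirely on the pkg_preinst step succeeding.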
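
Review bot: In the pkg_preinst() hunk, `eend $?` reports a failed `openssl fipsinstall` but does not abort the merge, and because multilib_src_install() now removes fipsmodule.cnf from the image, a failure here installs a USE=fips package with no fipsmodule.cnf at all. Consider `eend $? || die "openssl fipsinstall failed"` so the merge stops before the live system is touched. The limitations named in the commit message (the step fails when cross-compiling because the binary under `${ED}` is executed, and only the primary ABI's fips.so gets a regenerated file) are not recorded in the function; a short comment there would keep them visible to the next person editing the ebuild.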