commit: f6af2a9bd7836eb6cbdb0af982768de7306212e3 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Tue Feb 10 21:58:11 2026 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Fri Feb 13 02:46:04 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6af2a9b
dev-libs/openssl: rework static libs support Run Configure separately for a static-libs build so we can disable the "module" feature. This will cause all modules (including legacy.so) to be baked into libcrypto.a, avoiding the need to call dlopen from a static library. This should fix a runtime failure in cryptsetup when glibc is upgraded. Closes: https://bugs.gentoo.org/942823 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> ...ssl-3.5.9999.ebuild => openssl-3.5.5-r1.ebuild} | 79 ++++++++++++++++------ dev-libs/openssl/openssl-3.5.9999.ebuild | 77 +++++++++++++++------ ...penssl-3.6.1.ebuild => openssl-3.6.1-r1.ebuild} | 77 +++++++++++++++------ dev-libs/openssl/openssl-3.6.9999.ebuild | 77 +++++++++++++++------ 4 files changed, 233 insertions(+), 77 deletions(-) diff --git a/dev-libs/openssl/openssl-3.5.9999.ebuild b/dev-libs/openssl/openssl-3.5.5-r1.ebuild similarity index 85% copy from dev-libs/openssl/openssl-3.5.9999.ebuild copy to dev-libs/openssl/openssl-3.5.5-r1.ebuild index 2de7e8ce8aa4..ff44bcfaaa4e 100644 --- a/dev-libs/openssl/openssl-3.5.9999.ebuild +++ b/dev-libs/openssl/openssl-3.5.5-r1.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc inherit edo flag-o-matic linux-info sysroot toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs +inherit multibuild multilib multilib-build multiprocessing preserve-libs DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" HOMEPAGE="https://openssl-library.org/"; @@ -110,6 +110,27 @@ src_prepare() { rm test/recipes/30-test_afalg.t || die } +_openssl_variant() { + local OPENSSL_VARIANT=${MULTIBUILD_VARIANT} + mkdir -p "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" >/dev/null || die + "$@" + popd >/dev/null || die +} + +openssl_foreach_variant() { + local MULTIBUILD_VARIANTS=( "${OPENSSL_VARIANTS[@]}" ) + multibuild_foreach_variant _openssl_variant "$@" +} + +openssl_run_phase() { + multilib_foreach_abi openssl_foreach_variant "$@" +} + +openssl_is_default_variant() { + [[ ${OPENSSL_VARIANT} == shared ]] && multilib_is_native_abi +} + src_configure() { # Keep this in sync with app-misc/c_rehash SSL_CNF_DIR="/etc/ssl" @@ -151,10 +172,13 @@ src_configure() { tc-export AR CC CXX RANLIB RC - multilib-minimal_src_configure + OPENSSL_VARIANTS=( shared ) + use static-libs && OPENSSL_VARIANTS+=( static ) + + openssl_run_phase openssl_src_configure } -multilib_src_configure() { +openssl_src_configure() { use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") @@ -178,7 +202,7 @@ multilib_src_configure() { local myeconfargs=( ${sslout} - $(multilib_is_native_abi || echo "no-docs") + $(openssl_is_default_variant || echo "no-docs") $(use cpu_flags_x86_sse2 || echo "no-sse2") enable-camellia enable-ec @@ -203,21 +227,32 @@ multilib_src_configure() { --openssldir="${EPREFIX}"${SSL_CNF_DIR} --libdir=$(get_libdir) - shared threads ) + if [[ ${OPENSSL_VARIANT} == static ]]; then + myeconfargs+=( no-module no-shared ) + fi + edo perl "${S}/Configure" "${myeconfargs[@]}" } -multilib_src_compile() { +src_compile() { + openssl_run_phase openssl_src_compile +} + +openssl_src_compile() { emake build_sw - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake build_docs fi } -multilib_src_test() { +src_test() { + openssl_run_phase openssl_src_test +} + +openssl_src_test() { # See https://github.com/openssl/openssl/blob/master/test/README.md for options. # # VFP = show subtests verbosely and show failed tests verbosely @@ -229,32 +264,36 @@ multilib_src_test() { emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test } -multilib_src_install() { +openssl_src_install() { + if [[ ${OPENSSL_VARIANT} == static ]]; then + dolib.a libcrypto.a libssl.a + return + fi + # Only -j1 is supported for the install targets: # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 emake DESTDIR="${D}" -j1 install_sw + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + if use fips; then emake DESTDIR="${D}" -j1 install_fips # Regen this in pkg_preinst, bug 900625 rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die fi - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake DESTDIR="${D}" -j1 install_ssldirs emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs fi - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi + multilib_prepare_wrappers + multilib_check_headers } -multilib_src_install_all() { +src_install() { + openssl_run_phase openssl_src_install + multilib_install_wrappers + # openssl installs perl version of c_rehash by default, but # we provide a shell version via app-misc/c_rehash rm "${ED}"/usr/bin/c_rehash || die diff --git a/dev-libs/openssl/openssl-3.5.9999.ebuild b/dev-libs/openssl/openssl-3.5.9999.ebuild index 2de7e8ce8aa4..63e02f749319 100644 --- a/dev-libs/openssl/openssl-3.5.9999.ebuild +++ b/dev-libs/openssl/openssl-3.5.9999.ebuild @@ -5,7 +5,7 @@ EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc inherit edo flag-o-matic linux-info sysroot toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs +inherit multibuild multilib multilib-build multiprocessing preserve-libs DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" HOMEPAGE="https://openssl-library.org/"; @@ -110,6 +110,27 @@ src_prepare() { rm test/recipes/30-test_afalg.t || die } +_openssl_variant() { + local OPENSSL_VARIANT=${MULTIBUILD_VARIANT} + mkdir -p "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" >/dev/null || die + "$@" + popd >/dev/null || die +} + +openssl_foreach_variant() { + local MULTIBUILD_VARIANTS=( "${OPENSSL_VARIANTS[@]}" ) + multibuild_foreach_variant _openssl_variant "$@" +} + +openssl_run_phase() { + multilib_foreach_abi openssl_foreach_variant "$@" +} + +openssl_is_default_variant() { + [[ ${OPENSSL_VARIANT} == shared ]] && multilib_is_native_abi +} + src_configure() { # Keep this in sync with app-misc/c_rehash SSL_CNF_DIR="/etc/ssl" @@ -151,10 +172,13 @@ src_configure() { tc-export AR CC CXX RANLIB RC - multilib-minimal_src_configure + OPENSSL_VARIANTS=( shared ) + use static-libs && OPENSSL_VARIANTS+=( static ) + + openssl_run_phase openssl_src_configure } -multilib_src_configure() { +openssl_src_configure() { use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") @@ -178,7 +202,7 @@ multilib_src_configure() { local myeconfargs=( ${sslout} - $(multilib_is_native_abi || echo "no-docs") + $(openssl_is_default_variant || echo "no-docs") $(use cpu_flags_x86_sse2 || echo "no-sse2") enable-camellia enable-ec @@ -203,21 +227,32 @@ multilib_src_configure() { --openssldir="${EPREFIX}"${SSL_CNF_DIR} --libdir=$(get_libdir) - shared threads ) + if [[ ${OPENSSL_VARIANT} == static ]]; then + myeconfargs+=( no-module no-shared ) + fi + edo perl "${S}/Configure" "${myeconfargs[@]}" } -multilib_src_compile() { +src_compile() { + openssl_run_phase openssl_src_compile +} + +openssl_src_compile() { emake build_sw - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake build_docs fi } -multilib_src_test() { +src_test() { + openssl_run_phase openssl_src_test +} + +openssl_src_test() { # See https://github.com/openssl/openssl/blob/master/test/README.md for options. # # VFP = show subtests verbosely and show failed tests verbosely @@ -229,32 +264,36 @@ multilib_src_test() { emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test } -multilib_src_install() { +openssl_src_install() { + if [[ ${OPENSSL_VARIANT} == static ]]; then + dolib.a libcrypto.a libssl.a + return + fi + # Only -j1 is supported for the install targets: # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 emake DESTDIR="${D}" -j1 install_sw + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + if use fips; then emake DESTDIR="${D}" -j1 install_fips # Regen this in pkg_preinst, bug 900625 rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die fi - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake DESTDIR="${D}" -j1 install_ssldirs emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs fi - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi + multilib_prepare_wrappers + multilib_check_headers } -multilib_src_install_all() { +src_install() { + openssl_run_phase openssl_src_install + multilib_install_wrappers + # openssl installs perl version of c_rehash by default, but # we provide a shell version via app-misc/c_rehash rm "${ED}"/usr/bin/c_rehash || die diff --git a/dev-libs/openssl/openssl-3.6.1.ebuild b/dev-libs/openssl/openssl-3.6.1-r1.ebuild similarity index 86% rename from dev-libs/openssl/openssl-3.6.1.ebuild rename to dev-libs/openssl/openssl-3.6.1-r1.ebuild index 63fbdb12b30e..a31a3060870b 100644 --- a/dev-libs/openssl/openssl-3.6.1.ebuild +++ b/dev-libs/openssl/openssl-3.6.1-r1.ebuild @@ -5,7 +5,7 @@ EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc inherit edo flag-o-matic linux-info sysroot toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs +inherit multibuild multilib multilib-build multiprocessing preserve-libs DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" HOMEPAGE="https://openssl-library.org/"; @@ -110,6 +110,27 @@ src_prepare() { rm test/recipes/30-test_afalg.t || die } +_openssl_variant() { + local OPENSSL_VARIANT=${MULTIBUILD_VARIANT} + mkdir -p "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" >/dev/null || die + "$@" + popd >/dev/null || die +} + +openssl_foreach_variant() { + local MULTIBUILD_VARIANTS=( "${OPENSSL_VARIANTS[@]}" ) + multibuild_foreach_variant _openssl_variant "$@" +} + +openssl_run_phase() { + multilib_foreach_abi openssl_foreach_variant "$@" +} + +openssl_is_default_variant() { + [[ ${OPENSSL_VARIANT} == shared ]] && multilib_is_native_abi +} + src_configure() { # Keep this in sync with app-misc/c_rehash SSL_CNF_DIR="/etc/ssl" @@ -151,10 +172,13 @@ src_configure() { tc-export AR CC CXX RANLIB RC - multilib-minimal_src_configure + OPENSSL_VARIANTS=( shared ) + use static-libs && OPENSSL_VARIANTS+=( static ) + + openssl_run_phase openssl_src_configure } -multilib_src_configure() { +openssl_src_configure() { use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") @@ -178,7 +202,7 @@ multilib_src_configure() { local myeconfargs=( ${sslout} - $(multilib_is_native_abi || echo "no-docs") + $(openssl_is_default_variant || echo "no-docs") $(use cpu_flags_x86_sse2 || echo "no-sse2") enable-camellia enable-ec @@ -203,21 +227,32 @@ multilib_src_configure() { --openssldir="${EPREFIX}"${SSL_CNF_DIR} --libdir=$(get_libdir) - shared threads ) + if [[ ${OPENSSL_VARIANT} == static ]]; then + myeconfargs+=( no-module no-shared ) + fi + edo perl "${S}/Configure" "${myeconfargs[@]}" } -multilib_src_compile() { +src_compile() { + openssl_run_phase openssl_src_compile +} + +openssl_src_compile() { emake build_sw - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake build_docs fi } -multilib_src_test() { +src_test() { + openssl_run_phase openssl_src_test +} + +openssl_src_test() { # See https://github.com/openssl/openssl/blob/master/test/README.md for options. # # VFP = show subtests verbosely and show failed tests verbosely @@ -229,32 +264,36 @@ multilib_src_test() { emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test } -multilib_src_install() { +openssl_src_install() { + if [[ ${OPENSSL_VARIANT} == static ]]; then + dolib.a libcrypto.a libssl.a + return + fi + # Only -j1 is supported for the install targets: # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 emake DESTDIR="${D}" -j1 install_sw + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + if use fips; then emake DESTDIR="${D}" -j1 install_fips # Regen this in pkg_preinst, bug 900625 rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die fi - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake DESTDIR="${D}" -j1 install_ssldirs emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs fi - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi + multilib_prepare_wrappers + multilib_check_headers } -multilib_src_install_all() { +src_install() { + openssl_run_phase openssl_src_install + multilib_install_wrappers + # openssl installs perl version of c_rehash by default, but # we provide a shell version via app-misc/c_rehash rm "${ED}"/usr/bin/c_rehash || die diff --git a/dev-libs/openssl/openssl-3.6.9999.ebuild b/dev-libs/openssl/openssl-3.6.9999.ebuild index 2de7e8ce8aa4..63e02f749319 100644 --- a/dev-libs/openssl/openssl-3.6.9999.ebuild +++ b/dev-libs/openssl/openssl-3.6.9999.ebuild @@ -5,7 +5,7 @@ EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc inherit edo flag-o-matic linux-info sysroot toolchain-funcs -inherit multilib multilib-minimal multiprocessing preserve-libs +inherit multibuild multilib multilib-build multiprocessing preserve-libs DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" HOMEPAGE="https://openssl-library.org/"; @@ -110,6 +110,27 @@ src_prepare() { rm test/recipes/30-test_afalg.t || die } +_openssl_variant() { + local OPENSSL_VARIANT=${MULTIBUILD_VARIANT} + mkdir -p "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" >/dev/null || die + "$@" + popd >/dev/null || die +} + +openssl_foreach_variant() { + local MULTIBUILD_VARIANTS=( "${OPENSSL_VARIANTS[@]}" ) + multibuild_foreach_variant _openssl_variant "$@" +} + +openssl_run_phase() { + multilib_foreach_abi openssl_foreach_variant "$@" +} + +openssl_is_default_variant() { + [[ ${OPENSSL_VARIANT} == shared ]] && multilib_is_native_abi +} + src_configure() { # Keep this in sync with app-misc/c_rehash SSL_CNF_DIR="/etc/ssl" @@ -151,10 +172,13 @@ src_configure() { tc-export AR CC CXX RANLIB RC - multilib-minimal_src_configure + OPENSSL_VARIANTS=( shared ) + use static-libs && OPENSSL_VARIANTS+=( static ) + + openssl_run_phase openssl_src_configure } -multilib_src_configure() { +openssl_src_configure() { use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") @@ -178,7 +202,7 @@ multilib_src_configure() { local myeconfargs=( ${sslout} - $(multilib_is_native_abi || echo "no-docs") + $(openssl_is_default_variant || echo "no-docs") $(use cpu_flags_x86_sse2 || echo "no-sse2") enable-camellia enable-ec @@ -203,21 +227,32 @@ multilib_src_configure() { --openssldir="${EPREFIX}"${SSL_CNF_DIR} --libdir=$(get_libdir) - shared threads ) + if [[ ${OPENSSL_VARIANT} == static ]]; then + myeconfargs+=( no-module no-shared ) + fi + edo perl "${S}/Configure" "${myeconfargs[@]}" } -multilib_src_compile() { +src_compile() { + openssl_run_phase openssl_src_compile +} + +openssl_src_compile() { emake build_sw - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake build_docs fi } -multilib_src_test() { +src_test() { + openssl_run_phase openssl_src_test +} + +openssl_src_test() { # See https://github.com/openssl/openssl/blob/master/test/README.md for options. # # VFP = show subtests verbosely and show failed tests verbosely @@ -229,32 +264,36 @@ multilib_src_test() { emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test } -multilib_src_install() { +openssl_src_install() { + if [[ ${OPENSSL_VARIANT} == static ]]; then + dolib.a libcrypto.a libssl.a + return + fi + # Only -j1 is supported for the install targets: # https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305 emake DESTDIR="${D}" -j1 install_sw + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + if use fips; then emake DESTDIR="${D}" -j1 install_fips # Regen this in pkg_preinst, bug 900625 rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die fi - if multilib_is_native_abi; then + if openssl_is_default_variant; then emake DESTDIR="${D}" -j1 install_ssldirs emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs fi - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - if ! use static-libs ; then - rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die - fi + multilib_prepare_wrappers + multilib_check_headers } -multilib_src_install_all() { +src_install() { + openssl_run_phase openssl_src_install + multilib_install_wrappers + # openssl installs perl version of c_rehash by default, but # we provide a shell version via app-misc/c_rehash rm "${ED}"/usr/bin/c_rehash || die
