[gentoo-commits] repo/gentoo:master commit in: media-gfx/imagemagick/

Sat, 23 Sep 2023 18:52:25 -0700 

commit:     e761b7e2e843cedc7e486e5a6351da6bc6a27572
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 24 01:42:10 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 24 01:42:10 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e761b7e2

media-gfx/imagemagick: add 6.9.12.96 (w/ USE=hardened)

This adds a USE=hardened which sets the new configure arg (added between .92 
and .96)
called --with-security-policy.

It defaults upstream to 'open'. We follow that default for USE=-hardened, but
set it to 'limited' for USE=hardened.

Bug: https://bugs.gentoo.org/716674
Signed-off-by: Sam James <sam <AT> gentoo.org>

 media-gfx/imagemagick/Manifest                     |   1 +
 media-gfx/imagemagick/imagemagick-6.9.12.96.ebuild | 242 +++++++++++++++++++++
 2 files changed, 243 insertions(+)

diff --git a/media-gfx/imagemagick/Manifest b/media-gfx/imagemagick/Manifest
index 42908a9dcbbc..83b4155d2ce2 100644
--- a/media-gfx/imagemagick/Manifest
+++ b/media-gfx/imagemagick/Manifest
@@ -1,6 +1,7 @@
 DIST ImageMagick-6.9.12-84.tar.xz 9264140 BLAKE2B 
5d26cc4921d5fcf8b98a126816c3f03ba8c925fef02aab49b50b54cc9275f412a35797a0a5200e6de41b7fcec1c3936aaa6139227568adb80070141cd19bb805
 SHA512 
5b1294e171fe627d8197b771417b9939516175a36b6f33bc82f62558fbf6af7bd26dc357a17da44d73429e4dc56f79f8c8770e2ffa040b0fac31663d31fb4ef3
 DIST ImageMagick-6.9.12-89.tar.xz 9262956 BLAKE2B 
5f4eb74e6a57cc16503e1bc803472f1bbfaf1b737a4bb9f1257e8100c791bb12fdf8904c8eea4d27d9a26da70839894eb157133a1ad1de7a0a9d700f62747147
 SHA512 
d109cce5dbe239f0e20e871575e5093938cc0c45053e99f675a40a4d5a24f0e67814abc9aac72c2fc0b3216249ff46ff82fa299877d4488bdbf3f28766b50cde
 DIST ImageMagick-6.9.12-93.tar.xz 9261928 BLAKE2B 
245ea5bdf49c1d4ca4e0cb34537748fe9604cdab22d4cf2ef6f809c8ba5b202daa79846fe7ad4249e558be005f505fab16153d8d39d01fc64466bbda53517887
 SHA512 
37a3d9b0b40aeb8e1f20e8497d5ce11dab1da2d18db0ce77d5762000c504671bccfb682bec16991a09afc6c7f27c141477413849e3e5d9697d9edd5c3bc276c8
+DIST ImageMagick-6.9.12-96.tar.xz 9275248 BLAKE2B 
81cad8da2d809d38c0146d54a7a39b75d39ac88138ef504a669aaa8293452baa1a1985568e80e4128e76fb3eded5d7111a45d47eea59b827e652ca5ee1a6396e
 SHA512 
ffdc40d37919ec19ffd47955a39351a3532caca355f73f93bda1577157346a7d8b5727c4c8abddc87262bd9442e1af4ad8aae748a1364c28a407c3fb8c42ffb5
 DIST ImageMagick-7.1.1-11.tar.xz 10196156 BLAKE2B 
328ffe6dbf30b597ec56f94ab5e74cca553cb47eca244c76b91273c278c097990fb8ed7eeaa22311d4408022808e752cbb4c8775c56b3d64d3a4216487093e9e
 SHA512 
b3c839457b62a6b83d3ab9cf12bda2f41030eed75ae5ff898331ffdfe202a93ea8284c8f8608f4ecd013c7eb0c4cbef6527caff62bcf382d62e8531389628fc3
 DIST ImageMagick-7.1.1-15.tar.xz 10200668 BLAKE2B 
e9910b94d1a47641785cf05b1bfe99f310619aa48d32eb42823b7e83b9be2904e6ebc63965e6eaca2ed1162e6b0055f54bac946602759941a0d20fbf7502bf9d
 SHA512 
afd6216d423a2b8b03727bac089bb83a0fe43c9bfc4c244d4ad5b1c8fa4c3a47be4c7556ef8f008debd0252c7b176c54caddd3c5c8b0ea4f5ca1836943326e8a
 DIST ImageMagick-7.1.1-6.tar.xz 10392592 BLAKE2B 
ed02f36d0014f2699db5df0eb1cf3b18ccbdbee92e3a3bcfb85084672faeb984c6bb27cdf46349768f936ac91ebac744aa00fa3a95fcf1f02a4969f315d2079d
 SHA512 
52aa9aca4d987ee8f2142ce2e192230465399435d0cd7e64683349d0da1f52f2fbd03a2c667605c0c9da66435f84df173c60b7eb93ecada691e801e08dd9fd48

diff --git a/media-gfx/imagemagick/imagemagick-6.9.12.96.ebuild 
b/media-gfx/imagemagick/imagemagick-6.9.12.96.ebuild
new file mode 100644
index 000000000000..6984b341f097
--- /dev/null
+++ b/media-gfx/imagemagick/imagemagick-6.9.12.96.ebuild
@@ -0,0 +1,242 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1-3)
+inherit flag-o-matic libtool perl-functions toolchain-funcs
+
+if [[ ${PV} == 9999 ]] ; then
+       EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick6.git";
+       inherit git-r3
+       MY_P="imagemagick-9999"
+else
+       MY_PV="$(ver_rs 3 '-')"
+       MY_P="ImageMagick-${MY_PV}"
+       SRC_URI="mirror://imagemagick/${MY_P}.tar.xz"
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 
~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}/${MY_P}"
+
+DESCRIPTION="A collection of tools and libraries for many image formats"
+HOMEPAGE="https://www.imagemagick.org/";
+
+LICENSE="imagemagick"
+# Please check this on bumps, SONAME is often not updated! Use abidiff on 
old/new.
+# If ABI is broken, change the bit after the '-'.
+SLOT="0/$(ver_cut 1-3)-96"
+IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hardened hdri 
heif jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl +png 
postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib"
+
+REQUIRED_USE="
+       corefonts? ( truetype )
+       svg? ( xml )
+       test? ( corefonts )
+"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+       !media-gfx/graphicsmagick[imagemagick]
+       dev-libs/libltdl
+       bzip2? ( app-arch/bzip2 )
+       corefonts? ( media-fonts/corefonts )
+       djvu? ( app-text/djvu )
+       fftw? ( sci-libs/fftw:3.0 )
+       fontconfig? ( media-libs/fontconfig )
+       fpx? ( >=media-libs/libfpx-1.3.0-r1 )
+       graphviz? ( media-gfx/graphviz )
+       heif? ( media-libs/libheif:=[x265] )
+       jbig? ( >=media-libs/jbigkit-2:= )
+       jpeg? ( media-libs/libjpeg-turbo:= )
+       jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 )
+       lcms? ( media-libs/lcms:2= )
+       lqr? ( media-libs/liblqr )
+       opencl? ( virtual/opencl )
+       openexr? ( media-libs/openexr:0= )
+       pango? ( x11-libs/pango )
+       perl? ( >=dev-lang/perl-5.8.8:= )
+       png? ( media-libs/libpng:= )
+       postscript? ( app-text/ghostscript-gpl:= )
+       raw? ( media-libs/libraw:= )
+       svg? (
+               gnome-base/librsvg
+               media-gfx/potrace
+       )
+       tiff? ( media-libs/tiff:= )
+       truetype? (
+               media-fonts/urw-fonts
+               >=media-libs/freetype-2
+       )
+       webp? ( media-libs/libwebp:= )
+       wmf? ( media-libs/libwmf )
+       X? (
+               x11-libs/libICE
+               x11-libs/libSM
+               x11-libs/libXext
+               x11-libs/libXt
+       )
+       xml? ( dev-libs/libxml2 )
+       lzma? ( app-arch/xz-utils )
+       zlib? ( sys-libs/zlib:= )
+"
+DEPEND="
+       ${RDEPEND}
+       X? ( x11-base/xorg-proto )
+"
+BDEPEND="virtual/pkgconfig"
+
+pkg_pretend() {
+       [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+pkg_setup() {
+       [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+src_prepare() {
+       default
+
+       # for Darwin modules
+       elibtoolize
+
+       # For testsuite, see bug #500580#c3
+       local ati_cards mesa_cards nvidia_cards render_cards
+       shopt -s nullglob
+       ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
+       if test -n "${ati_cards}"; then
+               addpredict "${ati_cards}"
+       fi
+       mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+       if test -n "${mesa_cards}"; then
+               addpredict "${mesa_cards}"
+       fi
+       nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g')
+       if test -n "${nvidia_cards}"; then
+               addpredict "${nvidia_cards}"
+       fi
+       render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g')
+       if test -n "${render_cards}"; then
+               addpredict "${render_cards}"
+       fi
+       shopt -u nullglob
+       addpredict /dev/nvidiactl
+}
+
+src_configure() {
+       local depth=16
+       use q8 && depth=8
+       use q32 && depth=32
+
+       use perl && perl_check_env
+
+       [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket
+
+       local myeconfargs=(
+               $(use_enable static-libs static)
+               $(use_enable hdri)
+               $(use_enable opencl)
+               $(use_enable openmp)
+               --with-threads
+               --with-modules
+               --with-quantum-depth=${depth}
+               $(use_with cxx magick-plus-plus)
+               $(use_with perl)
+               --with-perl-options='INSTALLDIRS=vendor'
+               --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts
+               $(use_with bzip2 bzlib)
+               $(use_with X x)
+               $(use_with zlib)
+               --without-autotrace
+               $(use_with postscript dps)
+               $(use_with djvu)
+               --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu
+               $(use_with fftw)
+               $(use_with fpx)
+               $(use_with fontconfig)
+               $(use_with truetype freetype)
+               $(use_with postscript gslib)
+               $(use_with graphviz gvc)
+               $(use_with heif heic)
+               $(use_with jbig)
+               $(use_with jpeg)
+               $(use_with jpeg2k openjp2)
+               $(use_with lcms)
+               $(use_with lqr)
+               $(use_with lzma)
+               $(use_with openexr)
+               $(use_with pango)
+               $(use_with png)
+               $(use_with raw)
+               $(use_with svg rsvg)
+               $(use_with tiff)
+               $(use_with webp)
+               $(use_with corefonts windows-font-dir 
"${EPREFIX}"/usr/share/fonts/corefonts)
+               $(use_with wmf)
+               $(use_with xml)
+               --with-gcc-arch=no-automagic
+
+               # Default upstream (as of 6.9.12.96/7.1.1.18 anyway) is open
+               # For now, let's make USE=hardened do 'limited', and have 
USE=-hardened
+               # reflect the upstream default of 'open'.
+               #
+               # We might change it to 'secure' and 'limited' at some point.
+               # See also bug #716674.
+               --with-security-policy=$(usex hardened limited open)
+       )
+
+       CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}"
+}
+
+src_test() {
+       # Install default (unrestricted) policy in ${HOME} for test suite, bug 
#664238
+       local _im_local_config_home="${HOME}/.config/ImageMagick"
+       mkdir -p "${_im_local_config_home}" || \
+               die "Failed to create IM config dir in 
'${_im_local_config_home}'"
+       cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" 
|| \
+               die "Failed to install default blank policy.xml in 
'${_im_local_config_home}'"
+
+       local im_command= IM_COMMANDS=()
+       IM_COMMANDS+=( "identify -version | grep -q -- \"${MY_PV}\"" ) # Verify 
that we are using version we just built
+       IM_COMMANDS+=( "identify -list policy" ) # Verify that policy.xml is 
used
+       IM_COMMANDS+=( "emake check" ) # Run tests
+
+       for im_command in "${IM_COMMANDS[@]}"; do
+               eval "${S}"/magick.sh \
+                       ${im_command} || \
+                       die "Failed to run \"${im_command}\""
+       done
+}
+
+src_install() {
+       # Ensure documentation installation files and paths with each release!
+       emake \
+               DESTDIR="${D}" \
+               DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \
+               install
+
+       rm -f "${ED}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt}
+       dodoc {AUTHORS,README}.txt
+
+       if use perl; then
+               find "${ED}" -type f -name perllocal.pod -exec rm -f {} +
+               find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} +
+       fi
+
+       find "${ED}" -name '*.la' -exec sed -i -e 
"/^dependency_libs/s:=.*:='':" {} +
+       # .la files in parent are not needed, keep plugin .la files
+       find "${ED}"/usr/$(get_libdir)/ -maxdepth 1 -name "*.la" -delete || die
+
+       if use opencl; then
+               cat <<-EOF > "${T}"/99${PN}
+               
SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/card0:/dev/dri/renderD128"
+               EOF
+
+               insinto /etc/sandbox.d
+               # bug #472766
+               doins "${T}"/99${PN}
+       fi
+
+       insinto /usr/share/${PN}
+       doins config/*icm
+}

Reply via email to