commit: 643f04360ac6f258d37d6fb5e0c71868a4e0f1c5 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sun Sep 24 01:50:43 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Sep 24 01:50:43 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=643f0436
media-gfx/imagemagick: add 7.1.1.18 (w/ USE=hardened) This adds a USE=hardened which sets the new configure arg (added between .15 and .18) called --with-security-policy. It defaults upstream to 'open'. We follow that default for USE=-hardened, but set it to 'limited' for USE=hardened. Bug: https://bugs.gentoo.org/716674 Signed-off-by: Sam James <sam <AT> gentoo.org> media-gfx/imagemagick/Manifest | 1 + media-gfx/imagemagick/imagemagick-7.1.1.18.ebuild | 247 ++++++++++++++++++++++ 2 files changed, 248 insertions(+) diff --git a/media-gfx/imagemagick/Manifest b/media-gfx/imagemagick/Manifest index 83b4155d2ce2..afb3633f3502 100644 --- a/media-gfx/imagemagick/Manifest +++ b/media-gfx/imagemagick/Manifest @@ -4,4 +4,5 @@ DIST ImageMagick-6.9.12-93.tar.xz 9261928 BLAKE2B 245ea5bdf49c1d4ca4e0cb34537748 DIST ImageMagick-6.9.12-96.tar.xz 9275248 BLAKE2B 81cad8da2d809d38c0146d54a7a39b75d39ac88138ef504a669aaa8293452baa1a1985568e80e4128e76fb3eded5d7111a45d47eea59b827e652ca5ee1a6396e SHA512 ffdc40d37919ec19ffd47955a39351a3532caca355f73f93bda1577157346a7d8b5727c4c8abddc87262bd9442e1af4ad8aae748a1364c28a407c3fb8c42ffb5 DIST ImageMagick-7.1.1-11.tar.xz 10196156 BLAKE2B 328ffe6dbf30b597ec56f94ab5e74cca553cb47eca244c76b91273c278c097990fb8ed7eeaa22311d4408022808e752cbb4c8775c56b3d64d3a4216487093e9e SHA512 b3c839457b62a6b83d3ab9cf12bda2f41030eed75ae5ff898331ffdfe202a93ea8284c8f8608f4ecd013c7eb0c4cbef6527caff62bcf382d62e8531389628fc3 DIST ImageMagick-7.1.1-15.tar.xz 10200668 BLAKE2B e9910b94d1a47641785cf05b1bfe99f310619aa48d32eb42823b7e83b9be2904e6ebc63965e6eaca2ed1162e6b0055f54bac946602759941a0d20fbf7502bf9d SHA512 afd6216d423a2b8b03727bac089bb83a0fe43c9bfc4c244d4ad5b1c8fa4c3a47be4c7556ef8f008debd0252c7b176c54caddd3c5c8b0ea4f5ca1836943326e8a +DIST ImageMagick-7.1.1-18.tar.xz 10221468 BLAKE2B 1c4813f9fce578c9389922de5a4dbd8b0d925d1589844e3a3209b1045e03a254801abe9bf8570309b1ac701cb42d62ac497cda77a83efa720cf4cddf3ccec09e SHA512 5e62696089bc4f8510d19862d453d289db82bd6525b31575d61dfcfaf28b28f2d70d87dd4679972e2547380ac6c29520769f74825195ea529c2699be792baffd DIST ImageMagick-7.1.1-6.tar.xz 10392592 BLAKE2B ed02f36d0014f2699db5df0eb1cf3b18ccbdbee92e3a3bcfb85084672faeb984c6bb27cdf46349768f936ac91ebac744aa00fa3a95fcf1f02a4969f315d2079d SHA512 52aa9aca4d987ee8f2142ce2e192230465399435d0cd7e64683349d0da1f52f2fbd03a2c667605c0c9da66435f84df173c60b7eb93ecada691e801e08dd9fd48 diff --git a/media-gfx/imagemagick/imagemagick-7.1.1.18.ebuild b/media-gfx/imagemagick/imagemagick-7.1.1.18.ebuild new file mode 100644 index 000000000000..93a5b83426a4 --- /dev/null +++ b/media-gfx/imagemagick/imagemagick-7.1.1.18.ebuild @@ -0,0 +1,247 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +QA_PKGCONFIG_VERSION=$(ver_cut 1-3) +inherit autotools flag-o-matic perl-functions toolchain-funcs + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"; + inherit git-r3 + MY_P="imagemagick-9999" +else + MY_PV="$(ver_rs 3 '-')" + MY_P="ImageMagick-${MY_PV}" + SRC_URI="mirror://imagemagick/${MY_P}.tar.xz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +S="${WORKDIR}/${MY_P}" + +DESCRIPTION="A collection of tools and libraries for many image formats" +HOMEPAGE="https://www.imagemagick.org/"; + +LICENSE="imagemagick" +# Please check this on bumps, SONAME is often not updated! Use abidiff on old/new. +# If ABI is broken, change the bit after the '-'. +SLOT="0/$(ver_cut 1-3)-18" +IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hardened hdri heif jbig jpeg jpeg2k jpegxl lcms lqr lzma opencl openexr openmp pango perl +png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zip zlib" + +REQUIRED_USE="corefonts? ( truetype ) + svg? ( xml ) + test? ( corefonts )" + +RESTRICT="!test? ( test )" + +RDEPEND=" + !media-gfx/graphicsmagick[imagemagick] + dev-libs/libltdl + bzip2? ( app-arch/bzip2 ) + corefonts? ( media-fonts/corefonts ) + djvu? ( app-text/djvu ) + fftw? ( sci-libs/fftw:3.0 ) + fontconfig? ( media-libs/fontconfig ) + fpx? ( >=media-libs/libfpx-1.3.0-r1 ) + graphviz? ( media-gfx/graphviz ) + heif? ( media-libs/libheif:=[x265] ) + jbig? ( >=media-libs/jbigkit-2:= ) + jpeg? ( media-libs/libjpeg-turbo:= ) + jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 ) + jpegxl? ( >=media-libs/libjxl-0.6:= ) + lcms? ( media-libs/lcms:2= ) + lqr? ( media-libs/liblqr ) + opencl? ( virtual/opencl ) + openexr? ( media-libs/openexr:0= ) + pango? ( x11-libs/pango ) + perl? ( >=dev-lang/perl-5.8.8:= ) + png? ( media-libs/libpng:= ) + postscript? ( app-text/ghostscript-gpl:= ) + raw? ( media-libs/libraw:= ) + svg? ( + gnome-base/librsvg + media-gfx/potrace + ) + tiff? ( media-libs/tiff:= ) + truetype? ( + media-fonts/urw-fonts + >=media-libs/freetype-2 + ) + webp? ( media-libs/libwebp:= ) + wmf? ( media-libs/libwmf ) + X? ( + x11-libs/libICE + x11-libs/libSM + x11-libs/libXext + x11-libs/libXt + ) + xml? ( dev-libs/libxml2 ) + lzma? ( app-arch/xz-utils ) + zip? ( dev-libs/libzip:= ) + zlib? ( sys-libs/zlib:= )" +DEPEND="${RDEPEND} + X? ( x11-base/xorg-proto )" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/${PN}-9999-nocputuning.patch" +) + +pkg_pretend() { + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +pkg_setup() { + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +src_prepare() { + default + + #elibtoolize # for Darwin modules + eautoreconf + + # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 + local ati_cards mesa_cards nvidia_cards render_cards + shopt -s nullglob + ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g') + if test -n "${ati_cards}"; then + addpredict "${ati_cards}" + fi + mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g') + if test -n "${mesa_cards}"; then + addpredict "${mesa_cards}" + fi + nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g') + if test -n "${nvidia_cards}"; then + addpredict "${nvidia_cards}" + fi + render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g') + if test -n "${render_cards}"; then + addpredict "${render_cards}" + fi + shopt -u nullglob + addpredict /dev/nvidiactl +} + +src_configure() { + local depth=16 + use q8 && depth=8 + use q32 && depth=32 + + use perl && perl_check_env + + [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket + + local myeconfargs=( + $(use_enable static-libs static) + $(use_enable hdri) + $(use_enable opencl) + $(use_enable openmp) + --with-threads + --with-modules + --with-quantum-depth=${depth} + $(use_with cxx magick-plus-plus) + $(use_with perl) + --with-perl-options='INSTALLDIRS=vendor' + --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts + $(use_with bzip2 bzlib) + $(use_with X x) + $(use_with zip) + $(use_with zlib) + --without-autotrace + $(use_with postscript dps) + $(use_with djvu) + --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu + $(use_with fftw) + $(use_with fpx) + $(use_with fontconfig) + $(use_with truetype freetype) + $(use_with postscript gslib) + $(use_with graphviz gvc) + $(use_with heif heic) + $(use_with jbig) + $(use_with jpeg) + $(use_with jpeg2k openjp2) + $(use_with jpegxl jxl) + $(use_with lcms) + $(use_with lqr) + $(use_with lzma) + $(use_with openexr) + $(use_with pango) + $(use_with png) + $(use_with raw) + $(use_with svg rsvg) + $(use_with tiff) + $(use_with webp) + $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts) + $(use_with wmf) + $(use_with xml) + + # Default upstream (as of 6.9.12.96/7.1.1.18 anyway) is open + # For now, let's make USE=hardened do 'limited', and have USE=-hardened + # reflect the upstream default of 'open'. + # + # We might change it to 'secure' and 'limited' at some point. + # See also bug #716674. + --with-security-policy=$(usex hardened limited open) + ) + + CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}" +} + +src_test() { + # Install default (unrestricted) policy in $HOME for test suite, bug #664238 + local _im_local_config_home="${HOME}/.config/ImageMagick" + mkdir -p "${_im_local_config_home}" || \ + die "Failed to create IM config dir in '${_im_local_config_home}'" + cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \ + die "Failed to install default blank policy.xml in '${_im_local_config_home}'" + + local im_command= IM_COMMANDS=() + if [[ ${PV} == 9999 ]] ; then + IM_COMMANDS+=( "magick -version" ) # Show version we are using -- cannot verify because of live ebuild + else + IM_COMMANDS+=( "magick -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built + fi + IM_COMMANDS+=( "magick -list policy" ) # Verify that policy.xml is used + IM_COMMANDS+=( "emake check" ) # Run tests + + for im_command in "${IM_COMMANDS[@]}"; do + eval "${S}"/magick.sh \ + ${im_command} || \ + die "Failed to run \"${im_command}\"" + done +} + +src_install() { + # Ensure documentation installation files and paths with each release! + emake \ + DESTDIR="${D}" \ + DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \ + install + + rm -f "${ED}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt} + dodoc {AUTHORS,README}.txt + + if use perl; then + find "${ED}" -type f -name perllocal.pod -exec rm -f {} + + find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} + + fi + + find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} + + # .la files in parent are not needed, keep plugin .la files + find "${ED}"/usr/$(get_libdir)/ -maxdepth 1 -name "*.la" -delete || die + + if use opencl; then + cat <<-EOF > "${T}"/99${PN} + SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/card0:/dev/dri/renderD128" + EOF + + insinto /etc/sandbox.d + doins "${T}"/99${PN} #472766 + fi + + insinto /usr/share/${PN} + doins config/*icm +}
