commit: c5fdab619c93a6853ff7d684de68bd2ebd4cfc4e Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Mon Aug 4 22:58:13 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Aug 4 23:00:12 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5fdab61
dev-libs/libgcrypt: add 1.11.2 Both the riscv and C23 issues are fixed upstream in this release. Closes: https://bugs.gentoo.org/951267 Closes: https://bugs.gentoo.org/955813 Signed-off-by: Sam James <sam <AT> gentoo.org> dev-libs/libgcrypt/Manifest | 2 + dev-libs/libgcrypt/libgcrypt-1.11.2.ebuild | 190 +++++++++++++++++++++++++++++ 2 files changed, 192 insertions(+) diff --git a/dev-libs/libgcrypt/Manifest b/dev-libs/libgcrypt/Manifest index 2e4f0d3014fd..3117be2ca963 100644 --- a/dev-libs/libgcrypt/Manifest +++ b/dev-libs/libgcrypt/Manifest @@ -6,3 +6,5 @@ DIST libgcrypt-1.11.0.tar.bz2 4180345 BLAKE2B fe3f42480c0b9a0c50c24f4c54197404b4 DIST libgcrypt-1.11.0.tar.bz2.sig 119 BLAKE2B e64d59dae5556e2826f6d297988a3300c36d05aeecfe19544c5092b5f7b777b9b3f37c5ddcfcba5a916ae237cf981efdd9e3bdec482f7c36b12ac5c70f9d4c52 SHA512 8c5ceb50d70ccdedcc1ff4b31a65a07198567b85f582e3e67699cc3e5d012bebf7b1d4903652d11905a9cd845976ad7d3642474804777d0bdc46c6847d92fe38 DIST libgcrypt-1.11.1.tar.bz2 4233557 BLAKE2B 6416c6a782665e8a8d1c7993d94e620c586cfb65f273bde3d609bd7ca729a92d7ac3e156dabea42c34dbe50af7ce9b16333f63115f968aebb2b4a6dd37d4b99c SHA512 85846d62ce785e4250a2bf8a2b13ec24837e48ab8e10d537ad4a18d650d2cca747f82fd1501feab47ad3114b9593b36c9fa7a892f48139e2a71ef61295a47678 DIST libgcrypt-1.11.1.tar.bz2.sig 119 BLAKE2B b8d5bca5b903b34f48694a49e6da2c1ce449b0b28a71b9a0a6ce156e413cd19510ae7bc051bbc194bb17eec07501ee58538b45baf89918803077645f22c2244c SHA512 a9b9e2466f32623f417574537656f776baf9a933fba96fd969dda26b6bf13864ee5765112654b269f79a7f20a4a0712cf8cec7be759966088045bca040e01edc +DIST libgcrypt-1.11.2.tar.bz2 4237802 BLAKE2B 8ad2dd84e8ec2bddb5c008c6823a6d72b8f2d6237972966bc590be0d89bb6b50a5cbba1b42631d0950c4bea125a6d9a845fbf703b756a38088f66054712efa9c SHA512 b706cea602cc8f0896e57ce979643bf78974b05faec27c1b053b773c57d8b04250e30e95a4ef5899e1df981d01d8d08f0a36e10b5820a5ec4183e74c02e5f1f0 +DIST libgcrypt-1.11.2.tar.bz2.sig 147 BLAKE2B 5126fa06a9a67b2b71711f76ecbf9f3596f300f97256378961768a2f3c3927321da649eb0df4ddfb653e4503712b8b3c363c252bcb83ca53c7eea89a3ac8d4d4 SHA512 73b1d6d53e2f9061f06628a0fe983919f745c1c92930fd6a9871a0a3a589878efe68ec48b4e17e3fd3c1e098bc38c38cc8895246cee25463377a8bfa8590b164 diff --git a/dev-libs/libgcrypt/libgcrypt-1.11.2.ebuild b/dev-libs/libgcrypt/libgcrypt-1.11.2.ebuild new file mode 100644 index 000000000000..c25e8ab2f468 --- /dev/null +++ b/dev-libs/libgcrypt/libgcrypt-1.11.2.ebuild @@ -0,0 +1,190 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc +inherit autotools flag-o-matic linux-info multilib-minimal toolchain-funcs verify-sig + +DESCRIPTION="General purpose crypto library based on the code used in GnuPG" +HOMEPAGE="https://www.gnupg.org/"; +SRC_URI="mirror://gnupg/${PN}/${P}.tar.bz2" +SRC_URI+=" verify-sig? ( mirror://gnupg/${PN}/${P}.tar.bz2.sig )" + +LICENSE="LGPL-2.1+ GPL-2+ MIT" +SLOT="0/20" # subslot = soname major version +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="+asm doc +getentropy static-libs" +IUSE+=" cpu_flags_arm_neon cpu_flags_arm_aes cpu_flags_arm_sha1 cpu_flags_arm_sha2 cpu_flags_arm_sve" +IUSE+=" cpu_flags_ppc_altivec cpu_flags_ppc_vsx2 cpu_flags_ppc_vsx3" +IUSE+=" cpu_flags_x86_aes cpu_flags_x86_avx cpu_flags_x86_avx2 cpu_flags_x86_avx512f cpu_flags_x86_padlock cpu_flags_x86_sha cpu_flags_x86_sse4_1" + +# Build system only has --disable-arm-crypto-support right now +# If changing this, update src_configure logic too. +# ARM CPUs seem to, right now, support all-or-nothing for crypto extensions, +# but this looks like it might change in future. This is just a safety check +# in case people somehow do have a CPU which only supports some. They must +# for now disable them all if that's the case. +REQUIRED_USE=" + cpu_flags_arm_aes? ( cpu_flags_arm_sha1 cpu_flags_arm_sha2 ) + cpu_flags_arm_sha1? ( cpu_flags_arm_aes cpu_flags_arm_sha2 ) + cpu_flags_arm_sha2? ( cpu_flags_arm_aes cpu_flags_arm_sha1 ) + cpu_flags_ppc_vsx3? ( cpu_flags_ppc_altivec cpu_flags_ppc_vsx2 ) + cpu_flags_ppc_vsx2? ( cpu_flags_ppc_altivec ) +" + +RDEPEND=" + >=dev-libs/libgpg-error-1.49[${MULTILIB_USEDEP}] + getentropy? ( + kernel_linux? ( + elibc_glibc? ( >=sys-libs/glibc-2.25 ) + elibc_musl? ( >=sys-libs/musl-1.1.20 ) + ) + ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + doc? ( virtual/texi2dvi ) + verify-sig? ( sec-keys/openpgp-keys-gnupg ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-multilib-syspath.patch + "${FILESDIR}"/${PN}-powerpc-darwin.patch +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/libgcrypt-config +) + +pkg_pretend() { + if [[ ${MERGE_TYPE} == buildonly ]]; then + return + fi + if use kernel_linux && use getentropy; then + unset KV_FULL + get_running_version + if [[ -n ${KV_FULL} ]] && kernel_is -lt 3 17; then + eerror "The getentropy function requires the getrandom syscall." + eerror "This was introduced in Linux 3.17." + eerror "Your system is currently running Linux ${KV_FULL}." + eerror "Disable the 'getentropy' USE flag or upgrade your kernel." + die "Kernel is too old for getentropy" + fi + fi +} + +pkg_setup() { + : +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # Sensitive to optimisation; parts of the codebase are built with + # -O0 already. Don't risk it with UB. + strip-flags + + # Temporary workaround for a build failure (known gcc issue): + # + # * https://bugs.gentoo.org/956605 + # * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110812 + # + use riscv && filter-lto + + # Temporary workaround for mfpmath=sse on x86 causing issues when -msse is + # stripped as it's not clear cut on how to handle in flag-o-matic we can at + # least solve it the ebuild see https://bugs.gentoo.org/959349 + use x86 && filter-flags -mfpmath=sse + + # Hardcodes the path to FGREP in libgcrypt-config + export ac_cv_path_SED="sed" + export ac_cv_path_EGREP="grep -E" + export ac_cv_path_EGREP_TRADITIONAL="grep -E" + export ac_cv_path_FGREP="grep -F" + export ac_cv_path_GREP="grep" + + multilib-minimal_src_configure +} + +multilib_src_configure() { + if [[ ${CHOST} == powerpc* ]] ; then + # ./configure does a lot of automagic, prevent that + # generic ppc32+ppc64 altivec + use cpu_flags_ppc_altivec || local -x gcry_cv_cc_ppc_altivec=no + use cpu_flags_ppc_altivec || local -x gcry_cv_cc_ppc_altivec_cflags=no + # power8 vector extension, aka arch 2.07 ISA, also checked below via ppc-crypto-support + use cpu_flags_ppc_vsx2 || local -x gcry_cv_gcc_inline_asm_ppc_altivec=no + # power9 vector extension, aka arch 3.00 ISA + use cpu_flags_ppc_vsx3 || local -x gcry_cv_gcc_inline_asm_ppc_arch_3_00=no + fi + + append-ldflags $(test-flags-CCLD -Wl,--undefined-version) + + local myeconfargs=( + CC_FOR_BUILD="$(tc-getBUILD_CC)" + + --enable-noexecstack + $(use_enable cpu_flags_arm_neon neon-support) + # See REQUIRED_USE comment above + $(use_enable cpu_flags_arm_aes arm-crypto-support) + $(use_enable cpu_flags_arm_sve sve-support) + $(use_enable cpu_flags_ppc_vsx2 ppc-crypto-support) + $(use_enable cpu_flags_x86_aes aesni-support) + $(use_enable cpu_flags_x86_avx avx-support) + $(use_enable cpu_flags_x86_avx2 avx2-support) + $(use_enable cpu_flags_x86_avx512f avx512-support) + $(use_enable cpu_flags_x86_padlock padlock-support) + $(use_enable cpu_flags_x86_sha shaext-support) + $(use_enable cpu_flags_x86_sse4_1 sse41-support) + # required for sys-power/suspend[crypt], bug 751568 + $(use_enable static-libs static) + + # disabled due to various applications requiring privileges + # after libgcrypt drops them (bug #468616) + --without-capabilities + + $(use asm || echo "--disable-asm") + + GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config" + ) + + if use kernel_linux; then + # --enable-random=getentropy requires getentropy/getrandom. + # --enable-random=linux enables legacy code that tries getrandom + # and falls back to reading /dev/random. + myeconfargs+=( --enable-random=$(usex getentropy getentropy linux) ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" \ + $("${S}/configure" --help | grep -o -- '--without-.*-prefix') +} + +multilib_src_compile() { + default + multilib_is_native_abi && use doc && VARTEXFONTS="${T}/fonts" emake -C doc gcrypt.pdf +} + +multilib_src_test() { + # t-secmem and t-sexp need mlock which requires extra privileges; nspawn + # at least disallows that by default. + local -x GCRYPT_IN_ASAN_TEST=1 + # Avoid running (very) expensive bench-slope test. On hppa, it + # takes at least 7 hours. + local -x GCRYPT_NO_BENCHMARKS=1 + + default +} + +multilib_src_install() { + emake DESTDIR="${D}" install + multilib_is_native_abi && use doc && dodoc doc/gcrypt.pdf +} + +multilib_src_install_all() { + default + find "${ED}" -type f -name '*.la' -delete || die +}
