net-libs/mbedtls: slotting version 3

MbedTLS breaks API compatibility between major versions, and some packages are unable or not willing to migrate from slowly deprecating mbedtls-2 branches, so we are forced to keep them both for a while. Upstream PR: https://github.com/Mbed-TLS/mbedtls/pull/8800 [sam: Note that: a) upstream are fine with us doing this (per the upstream PR), and b) consumers (almost?) always use CMake config files so they automatically pick up the slotting.] Bug: https://bugs.gentoo.org/805011 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Signed-off-by: Sam James <sam@gentoo.org>
2026-01-06 02:17:34 -08:00 · 2024-12-01 01:46:04 +03:00 · 2024-12-01 01:46:04 +03:00 · 59eca6456e
commit 59eca6456e
parent 83b4ca63f6
5 changed files with 386 additions and 0 deletions
--- a/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch
@ -0,0 +1,79 @@
+https://github.com/Mbed-TLS/mbedtls/pull/9876
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sun, 1 Dec 2024 00:49:15 +0300
+Subject: Add version suffix for all installable targets
+
+Convert main library targets to slottable versions. This allows to
+install major versions of MbedTLS simultaneously.
+
+Dependent packages should use `find_package(MbedTLS 3 [REQUIRED])` and
+`MbedTLS::<component>` in order to use requested libraries.
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -478,7 +478,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+     install(
+         FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
+               "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake"
+-        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS")
+        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}")
+ 
+     export(
+         EXPORT MbedTLSTargets
+@@ -488,7 +488,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+     install(
+         EXPORT MbedTLSTargets
+         NAMESPACE MbedTLS::
+-        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS"
+        DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/MbedTLS-${PROJECT_VERSION_MAJOR}"
+         FILE "MbedTLSTargets.cmake")
+ 
+     if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
+--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
+@@ -277,7 +277,7 @@ set(everest_target "${MBEDTLS_TARGET_PREFIX}everest")
+ 
+ if(USE_STATIC_MBEDTLS_LIBRARY)
+     add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
+-    set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
+    set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
+ 
+     if(TARGET ${everest_target})
+@@ -289,11 +289,11 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
+     endif()
+ 
+     add_library(${mbedx509_static_target} STATIC ${src_x509})
+-    set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
+    set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
+ 
+     add_library(${mbedtls_static_target} STATIC ${src_tls})
+-    set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
+    set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target})
+ endif(USE_STATIC_MBEDTLS_LIBRARY)
+ 
+@@ -301,6 +301,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
+     set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
+     add_library(${mbedcrypto_target} SHARED ${src_crypto})
+     set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.2 SOVERSION 16)
+    set_target_properties(${mbedcrypto_target} PROPERTIES OUTPUT_NAME mbedcrypto${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
+ 
+     if(TARGET ${everest_target})
+@@ -313,10 +314,12 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
+ 
+     add_library(${mbedx509_target} SHARED ${src_x509})
+     set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.2 SOVERSION 7)
+    set_target_properties(${mbedx509_target} PROPERTIES OUTPUT_NAME mbedx509${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
+ 
+     add_library(${mbedtls_target} SHARED ${src_tls})
+     set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.2 SOVERSION 21)
+    set_target_properties(${mbedtls_target} PROPERTIES OUTPUT_NAME mbedtls${PROJECT_VERSION_MAJOR})
+     target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
+ endif(USE_SHARED_MBEDTLS_LIBRARY)
+ 
+-- 
+2.45.2
+
--- a/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch
@ -0,0 +1,71 @@
+https://github.com/Mbed-TLS/mbedtls/pull/9876
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sun, 1 Dec 2024 00:54:10 +0300
+Subject: Add version suffix for pkg-config files
+
+Convert main library targets to slottable versions. This allows to
+install major versions of MbedTLS simultaneously.
+
+Dependent packages should use
+`pkg-config --libs --cflags (mbedtls3|mbedx5093|mbedx5093)` in order to use
+requested libraries.
+--- a/pkgconfig/CMakeLists.txt
+++ b/pkgconfig/CMakeLists.txt
+@@ -8,18 +8,18 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+   set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.")
+   set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
+ 
+-  configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY)
+  configure_file(mbedcrypto.pc.in mbedcrypto${PROJECT_VERSION_MAJOR}.pc @ONLY)
+     install(FILES
+-    ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc
+    ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto${PROJECT_VERSION_MAJOR}.pc
+     DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+ 
+-  configure_file(mbedtls.pc.in mbedtls.pc @ONLY)
+  configure_file(mbedtls.pc.in mbedtls${PROJECT_VERSION_MAJOR}.pc @ONLY)
+     install(FILES
+-    ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc
+    ${CMAKE_CURRENT_BINARY_DIR}/mbedtls${PROJECT_VERSION_MAJOR}.pc
+     DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+ 
+-  configure_file(mbedx509.pc.in mbedx509.pc @ONLY)
+  configure_file(mbedx509.pc.in mbedx509${PROJECT_VERSION_MAJOR}.pc @ONLY)
+     install(FILES
+-    ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc
+    ${CMAKE_CURRENT_BINARY_DIR}/mbedx509${PROJECT_VERSION_MAJOR}.pc
+     DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+ endif()
+--- a/pkgconfig/mbedcrypto.pc.in
+++ b/pkgconfig/mbedcrypto.pc.in
+@@ -7,4 +7,4 @@ Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+ Version: @PROJECT_VERSION@
+ Cflags: -I"${includedir}"
+-Libs: -L"${libdir}" -lmbedcrypto
+Libs: -L"${libdir}" -lmbedcrypto@PROJECT_VERSION_MAJOR@
+--- a/pkgconfig/mbedtls.pc.in
+++ b/pkgconfig/mbedtls.pc.in
+@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@
+ Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+ Version: @PROJECT_VERSION@
+-Requires.private: mbedcrypto mbedx509
+Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@ mbedx509@PROJECT_VERSION_MAJOR@
+ Cflags: -I"${includedir}"
+-Libs: -L"${libdir}" -lmbedtls
+Libs: -L"${libdir}" -lmbedtls@PROJECT_VERSION_MAJOR@
+--- a/pkgconfig/mbedx509.pc.in
+++ b/pkgconfig/mbedx509.pc.in
+@@ -6,6 +6,6 @@ Name: @PROJECT_NAME@
+ Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+ Version: @PROJECT_VERSION@
+-Requires.private: mbedcrypto
+Requires.private: mbedcrypto@PROJECT_VERSION_MAJOR@
+ Cflags: -I"${includedir}"
+-Libs: -L"${libdir}" -lmbedx509
+Libs: -L"${libdir}" -lmbedx509@PROJECT_VERSION_MAJOR@
+-- 
+2.45.2
+
--- a/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-allow-install-headers-to-different-location.patch
@ -0,0 +1,105 @@
+https://github.com/Mbed-TLS/mbedtls/pull/9876
+From 6a0c205d86a96772b82c4d7e7dfce5ea362c7870 Mon Sep 17 00:00:00 2001
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sat, 30 Nov 2024 02:17:17 +0300
+Subject: Allow install headers to different location
+
+Use standard `CMAKE_INSTALL_INCLUDEDIR` and `CMAKE_INSTALL_LIBDIR`
+location to define headers and library installation. This variable can be
+redefined on configuration phase to allow install headers and libraries to
+different location (like `include/mbedtls3`, #8723).
+
+Additionally removing explicit permission rules as they may broke proper
+permissions for system installation (like remove executable bit from
+libraries). By default CMake sets permissions correctly on all files and
+directories.
+
+See #8723 for rationale.
+--- a/3rdparty/everest/CMakeLists.txt
+++ b/3rdparty/everest/CMakeLists.txt
+@@ -27,16 +27,16 @@ if(MBEDTLS_USER_CONFIG_FILE)
+ endif()
+ 
+ if(INSTALL_MBEDTLS_HEADERS)
+-
+   install(DIRECTORY include/everest
+-    DESTINATION include
+-    FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+-    DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+    DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+     FILES_MATCHING PATTERN "*.h")
+ 
+ endif(INSTALL_MBEDTLS_HEADERS)
+ 
+ install(TARGETS ${everest_target}
+   EXPORT MbedTLSTargets
+-  DESTINATION ${CMAKE_INSTALL_LIBDIR}
+-  PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+  LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+  ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+  RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+  INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+)
+--- a/3rdparty/p256-m/CMakeLists.txt
+++ b/3rdparty/p256-m/CMakeLists.txt
+@@ -25,16 +25,16 @@ if(MBEDTLS_USER_CONFIG_FILE)
+ endif()
+ 
+ if(INSTALL_MBEDTLS_HEADERS)
+-
+-  install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
+-    DESTINATION include
+-    FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+-    DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+  install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+    DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+     FILES_MATCHING PATTERN "*.h")
+ 
+ endif(INSTALL_MBEDTLS_HEADERS)
+ 
+ install(TARGETS ${p256m_target}
+-EXPORT MbedTLSTargets
+-DESTINATION ${CMAKE_INSTALL_LIBDIR}
+-PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+  EXPORT MbedTLSTargets
+  LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+  ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+  RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+  INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+)
+--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
+@@ -1,16 +1,15 @@
+ option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
+ 
+ if(INSTALL_MBEDTLS_HEADERS)
+-
+     file(GLOB headers "mbedtls/*.h")
+     file(GLOB psa_headers "psa/*.h")
+ 
+     install(FILES ${headers}
+-        DESTINATION include/mbedtls
+        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ 
+     install(FILES ${psa_headers}
+-        DESTINATION include/psa
+        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/psa
+         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ 
+ endif(INSTALL_MBEDTLS_HEADERS)
+--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
+@@ -348,7 +348,8 @@ foreach(target IN LISTS target_libraries)
+         ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+         LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+         RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+-        PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+        INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
+    )
+ endforeach(target)
+ 
+ set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
+-- 
+2.45.2
+
--- a/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch
+++ b/net-libs/mbedtls/files/mbedtls-3.6.2-exclude-static-3dparty.patch
@ -0,0 +1,22 @@
+https://github.com/Mbed-TLS/mbedtls/pull/8284#issuecomment-2030088495
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Sun, 1 Dec 2024 20:56:50 +0300
+Subject: Exclude 3rd party code from building
+
+Third party code is required only for limited features that not enabled by default.
+
+See: https://github.com/Mbed-TLS/mbedtls/pull/8284#issuecomment-2030088495
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -325,8 +325,6 @@ add_subdirectory(framework)
+ 
+ add_subdirectory(include)
+ 
+-add_subdirectory(3rdparty)
+-
+ add_subdirectory(library)
+ 
+ add_subdirectory(pkgconfig)
+-- 
+2.45.2
+
--- a/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild
+++ b/net-libs/mbedtls/mbedtls-3.6.2-r100.ebuild
@ -0,0 +1,109 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit cmake flag-o-matic multilib-minimal python-any-r1
+
+DESCRIPTION="Cryptographic library for embedded systems"
+HOMEPAGE="https://www.trustedfirmware.org/projects/mbed-tls/"
+SRC_URI="https://github.com/Mbed-TLS/mbedtls/releases/download/${P}/${P}.tar.bz2"
+
+LICENSE="|| ( Apache-2.0 GPL-2+ )"
+SLOT="3/16.21.7" # ffmpeg subslot naming: SONAME tuple of {libmbedcrypto.so,libmbedtls.so,libmbedx509.so}
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="cpu_flags_x86_sse2 doc programs static-libs test threads"
+RESTRICT="!test? ( test )"
+
+RDEPEND="!>net-libs/mbedtls-3:0"
+BDEPEND="
+	${PYTHON_DEPS}
+	doc? (
+		app-text/doxygen
+		media-gfx/graphviz
+	)
+	test? ( dev-lang/perl )
+"
+
+PATCHES=(
+	"${FILESDIR}/mbedtls-3.6.2-allow-install-headers-to-different-location.patch"
+	"${FILESDIR}/mbedtls-3.6.2-add-version-suffix-for-all-installable-targets.patch"
+	"${FILESDIR}/mbedtls-3.6.2-add-version-suffix-for-pkg-config-files.patch"
+	"${FILESDIR}/mbedtls-3.6.2-exclude-static-3dparty.patch"
+)
+
+enable_mbedtls_option() {
+	local myopt="$@"
+	# check that config.h syntax is the same at version bump
+	sed -i \
+		-e "s://#define ${myopt}:#define ${myopt}:" \
+		include/mbedtls/mbedtls_config.h || die
+}
+
+src_prepare() {
+	use cpu_flags_x86_sse2 && enable_mbedtls_option MBEDTLS_HAVE_SSE2
+	use threads && enable_mbedtls_option MBEDTLS_THREADING_C
+	use threads && enable_mbedtls_option MBEDTLS_THREADING_PTHREAD
+
+	cmake_src_prepare
+}
+
+src_configure() {
+	# Workaround for https://github.com/Mbed-TLS/mbedtls/issues/9814 (bug #946544)
+	append-flags $(test-flags-CC -fzero-init-padding-bits=unions)
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	local mycmakeargs=(
+		-DENABLE_PROGRAMS=$(multilib_native_usex programs)
+		-DENABLE_TESTING=$(usex test)
+		-DINSTALL_MBEDTLS_HEADERS=ON
+		-DCMAKE_INSTALL_INCLUDEDIR="include/mbedtls3"
+		-DLINK_WITH_PTHREAD=$(usex threads)
+		-DMBEDTLS_FATAL_WARNINGS=OFF # Don't use -Werror, #744946
+		-DUSE_SHARED_MBEDTLS_LIBRARY=ON
+		-DUSE_STATIC_MBEDTLS_LIBRARY=$(usex static-libs)
+	)
+
+	cmake_src_configure
+}
+
+multilib_src_compile() {
+	cmake_src_compile
+	use doc && multilib_is_native_abi && emake -C "${S}" apidoc
+}
+
+multilib_src_test() {
+	# Disable parallel run, bug #718390
+	# https://github.com/Mbed-TLS/mbedtls/issues/4980
+	LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:${BUILD_DIR}/library" \
+		cmake_src_test -j1
+}
+
+multilib_src_install() {
+	cmake_src_install
+}
+
+multilib_src_install_all() {
+	use doc && HTML_DOCS=( apidoc )
+
+	einstalldocs
+
+	if use programs ; then
+		# avoid file collisions with sys-apps/coreutils
+		local p e
+		for p in "${ED}"/usr/bin/* ; do
+			if [[ -x "${p}" && ! -d "${p}" ]] ; then
+				mv "${p}" "${ED}"/usr/bin/mbedtls_${p##*/} || die
+			fi
+		done
+		for e in aes hash pkey ssl test ; do
+			docinto "${e}"
+			dodoc programs/"${e}"/*.c
+			dodoc programs/"${e}"/*.txt
+		done
+	fi
+}