From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1358556-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 37E9B158087
	for <garchives@archives.gentoo.org>; Mon, 17 Jan 2022 03:01:21 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 4BC9E2BC019;
	Mon, 17 Jan 2022 03:01:20 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 2A2132BC019
	for <gentoo-commits@lists.gentoo.org>; Mon, 17 Jan 2022 03:01:20 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id BDBA8335DC0
	for <gentoo-commits@lists.gentoo.org>; Mon, 17 Jan 2022 03:01:18 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 0AB0C24E
	for <gentoo-commits@lists.gentoo.org>; Mon, 17 Jan 2022 03:01:17 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1642388322.7ce5b6fde46ba698919feec73ccee5bdaaf4f8c6.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/libgcrypt/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-libs/libgcrypt/libgcrypt-1.9.4.ebuild
X-VCS-Directories: dev-libs/libgcrypt/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 7ce5b6fde46ba698919feec73ccee5bdaaf4f8c6
X-VCS-Branch: master
Date: Mon, 17 Jan 2022 03:01:17 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: d6d8dbb1-cd6f-445c-a96f-1b36b1de92a1
X-Archives-Hash: 94db5665e8ec0effb2c4ca953f63e71c

commit:     7ce5b6fde46ba698919feec73ccee5bdaaf4f8c6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 17 02:58:42 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan 17 02:58:42 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ce5b6fd

dev-libs/libgcrypt: wire up CPU_FLAGS_ARM_* for crypto extensions

Note that we currently use an all-or-nothing approach as I'm
only aware of ARM CPUs supporting all of: cpu_flags_arm_{aes,sha1,sha2}
or none, but it does look like it's possible (or will be in future)
to support some crypto extensions but not all.

The libgcrypt build system only exposes --disable-arm-crypto-support which
uses at least both AES and SHA* instructions right now with no way to disable
just one.

Given in the wild, we're only aware of all-or-nothing CPUs, let's
just add REQUIRED_USE logic for safety for now, and enable/disable based
on all of cpu_flags_arm_{aes,sha1,sha2} being set by the user (which, again,
should be the case for all known CPUs. cpuid2cpuflags will do this automatically.)

Needed to avoid automagic usage of crypto extensions which may cause
problems for e.g. binpkgs.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/libgcrypt/libgcrypt-1.9.4.ebuild | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/dev-libs/libgcrypt/libgcrypt-1.9.4.ebuild b/dev-libs/libgcrypt/libgcrypt-1.9.4.ebuild
index c7244661f75b..f8ee619d921b 100644
--- a/dev-libs/libgcrypt/libgcrypt-1.9.4.ebuild
+++ b/dev-libs/libgcrypt/libgcrypt-1.9.4.ebuild
@@ -12,7 +12,17 @@ SRC_URI="mirror://gnupg/${PN}/${P}.tar.bz2"
 LICENSE="LGPL-2.1 MIT"
 SLOT="0/20" # subslot = soname major version
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+asm cpu_flags_arm_neon cpu_flags_ppc_vsx2 cpu_flags_x86_aes cpu_flags_x86_avx cpu_flags_x86_avx2 cpu_flags_x86_padlock cpu_flags_x86_sha cpu_flags_x86_sse4_1 doc o-flag-munging static-libs"
+IUSE="+asm cpu_flags_arm_neon cpu_flags_arm_aes cpu_flags_arm_sha1 cpu_flags_arm_sha2 cpu_flags_ppc_vsx2 cpu_flags_x86_aes cpu_flags_x86_avx cpu_flags_x86_avx2 cpu_flags_x86_padlock cpu_flags_x86_sha cpu_flags_x86_sse4_1 doc o-flag-munging static-libs"
+
+# Build system only has --disable-arm-crypto-support right now
+# If changing this, update src_configure logic too.
+# ARM CPUs seem to, right now, support all-or-nothing for crypto extensions,
+# but this looks like it might change in future. This is just a safety check
+# in case people somehow do have a CPU which only supports some. They must
+# for now disable them all if that's the case.
+REQUIRED_USE="cpu_flags_arm_aes? ( cpu_flags_arm_sha1 cpu_flags_arm_sha2 )
+	cpu_flags_arm_sha1? ( cpu_flags_arm_aes cpu_flags_arm_sha2 )
+	cpu_flags_arm_sha2? ( cpu_flags_arm_aes cpu_flags_arm_sha1 )"
 
 RDEPEND=">=dev-libs/libgpg-error-1.25[${MULTILIB_USEDEP}]"
 DEPEND="${RDEPEND}"
@@ -44,6 +54,8 @@ multilib_src_configure() {
 
 		--enable-noexecstack
 		$(use_enable cpu_flags_arm_neon neon-support)
+		# See REQUIRED_USE comment above
+		$(use_enable cpu_flags_arm_aes arm-crypto-support)
 		$(use_enable cpu_flags_ppc_vsx2 ppc-crypto-support)
 		$(use_enable cpu_flags_x86_aes aesni-support)
 		$(use_enable cpu_flags_x86_avx avx-support)