net-misc/aria2: Attempt to correct crazy crypto-lib logic

Attempt to rework crypto-lib dependencies to correctly indicate
libraries needed for program operation.  The new logic involves using
OpenSSL only with USE=ssl+!gnutls but using it both for TLS & MD.
In all other circumstances, GnuTLS is used for TLS (if USE=ssl),
and nettle/libgcrypt is used for MD.  The latter is needed independently
of bittorrent support; it only affects additional libgmp dependency.

Closes: https://bugs.gentoo.org/688780
Signed-off-by: Michał Górny <mgorny@gentoo.org>

2 files changed, 186 insertions, 1 deletions

diff --git a/net-misc/aria2/aria2-1.34.0-r2.ebuild b/net-misc/aria2/aria2-1.34.0-r2.ebuild
new file mode 100644
index 000000000000..025e6d10b737
--- /dev/null
+++ b/net-misc/aria2/aria2-1.34.0-r2.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit bash-completion-r1
+
+DESCRIPTION="A download utility with segmented downloading with BitTorrent support"
+HOMEPAGE="https://aria2.github.io/"
+SRC_URI="https://github.com/aria2/${PN}/releases/download/release-${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2+-with-openssl-exception"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux"
+SLOT="0"
+IUSE="adns bittorrent +gnutls jemalloc libuv +libxml2 metalink +nettle nls sqlite scripts ssh ssl tcmalloc test xmlrpc"
+
+# Crazy GnuTLS/OpenSSL/etc. logic below:
+# 1. Those libraries are used for two purposes: TLS & MD.
+# 2. Upstream preferences are:
+#    1) gnutls [tls]
+#    2) !gnutls? -> openssl [tls+md]
+#    3) !openssl? -> nettle [md]
+#    4) !openssl? !nettle? -> gcrypt [md]
+#    5) !*? -> bundled md routines (we don't use them)
+# 3. There's also gmp usage for bittorrent with nettle.
+# 4. You can't really control features, just dependencies.
+# (we are skipping native Apple/Windows TLS support)
+#
+# We map this into:
+# ssl? -> openssl || (gnutls + (nettle || libgcrypt ))
+# !ssl? -> nettle || libgcrypt
+
+CDEPEND="sys-libs/zlib:0=
+	adns? ( >=net-dns/c-ares-1.5.0:0= )
+	jemalloc? ( dev-libs/jemalloc )
+	libuv? ( >=dev-libs/libuv-1.13:0= )
+	metalink? (
+		libxml2? ( >=dev-libs/libxml2-2.6.26:2= )
+		!libxml2? ( dev-libs/expat:0= ) )
+	sqlite? ( dev-db/sqlite:3= )
+	ssh? ( net-libs/libssh2:= )
+	ssl? (
+		app-misc/ca-certificates
+		gnutls? (
+			>=net-libs/gnutls-1.2.9:0=
+			nettle? (
+				>=dev-libs/nettle-2.4:0=
+				bittorrent? (
+					>=dev-libs/nettle-2.4:0=[gmp]
+					>=dev-libs/gmp-6:0=
+				)
+			)
+			!nettle? ( >=dev-libs/libgcrypt-1.2.2:0= )
+		)
+		!gnutls? (
+			dev-libs/openssl:0=
+		)
+	)
+	!ssl? (
+		nettle? (
+			>=dev-libs/nettle-2.4:0=
+			bittorrent? (
+				>=dev-libs/nettle-2.4:0=[gmp]
+				>=dev-libs/gmp-6:0=
+			)
+		)
+		!nettle? ( >=dev-libs/libgcrypt-1.2.2:0= )
+	)
+	tcmalloc? ( dev-util/google-perftools )
+	xmlrpc? (
+		libxml2? ( >=dev-libs/libxml2-2.6.26:2= )
+		!libxml2? ( dev-libs/expat:0= ) )"
+
+DEPEND="${CDEPEND}
+	app-arch/xz-utils
+	virtual/pkgconfig
+	nls? ( sys-devel/gettext )
+	test? ( >=dev-util/cppunit-1.12.0:0 )"
+RDEPEND="${CDEPEND}
+	nls? ( virtual/libiconv virtual/libintl )
+	scripts? ( dev-lang/ruby )"
+
+# xmlrpc has no explicit switch, it's turned out by any XML library
+# so metalink implicitly forces it on
+REQUIRED_USE="?? ( jemalloc tcmalloc )
+	metalink? ( xmlrpc )"
+RESTRICT="!test? ( test )"
+
+pkg_setup() {
+	if use scripts && ! use xmlrpc; then
+		ewarn "Please note that you may need to enable USE=xmlrpc to run the aria2rpc"
+		ewarn "and aria2mon scripts against the local aria2."
+	fi
+}
+
+src_prepare() {
+	eapply "${FILESDIR}"/${P}-make_unique.patch
+	# https://bugs.gentoo.org/674622 (CVE-2019-3500)
+	eapply "${FILESDIR}"/${P}-mask-headers.patch
+	default
+	sed -i -e "s|/tmp|${T}|" test/*.cc test/*.txt || die "sed failed"
+}
+
+src_configure() {
+	local myconf=(
+		# threads, epoll: check for best portability
+
+		# do not try to compile and run a test LIBXML program
+		--disable-xmltest
+		# enable the shared library
+		--enable-libaria2
+		# zlib should always be available anyway
+		--with-libz
+		--with-ca-bundle="${EPREFIX}/etc/ssl/certs/ca-certificates.crt"
+
+		# optional features
+		$(use_enable bittorrent)
+		$(use_enable metalink)
+		$(use_enable nls)
+		$(use_with adns libcares)
+		$(use_with jemalloc)
+		$(use_with libuv)
+		$(use_with sqlite sqlite3)
+		$(use_with ssh libssh2)
+		$(use_with tcmalloc)
+	)
+
+	# See TLS/MD logic described above deps.
+	if use ssl && ! use gnutls; then
+		# 1. if ssl & !gnutls, use openssl and disable gnutls
+		myconf+=( --without-gnutls --with-openssl )
+	else
+		myconf+=(
+			# 2. otherwise, disable openssl
+			--without-openssl
+			# 3. if ssl & gnutls, use gnutls
+			$(use_with ssl gnutls)
+
+			# 4. switch between nettle & libgcrypt
+			$(use_with nettle libnettle)
+			$(use_with !nettle libgcrypt)
+		)
+
+		# 5. if bittorrent is used along with nettle, use libgmp
+		if use bittorrent && use nettle; then
+			myconf+=( --with-libgmp )
+		else
+			myconf+=( --without-libgmp )
+		fi
+	fi
+
+	# metalink+xmlrpc := libxml2 / expat
+	# USE=(metalink || xmlrpc)
+	#  + USE=libxml2 -> libxml2
+	#  + USE=-libxml2 -> expat
+
+	if use metalink || use xmlrpc; then
+		myconf+=( $(use_with !libxml2 libexpat) $(use_with libxml2) )
+	else
+		myconf+=( --without-libexpat --without-libxml2 )
+	fi
+
+	# Note:
+	# - always enable gzip/http compression since zlib should always be available anyway
+	# - always enable epoll since we can assume kernel 2.6.x
+	# - other options for threads: solaris, pth, win32
+	econf "${myconf[@]}"
+}
+
+src_install() {
+	default
+	rm -rf "${D}"/usr/share/doc/aria2 \
+		"${D}"/usr/share/doc/${PF}/README{,.html}
+
+	dobashcomp doc/bash_completion/aria2c
+	use scripts && dobin doc/xmlrpc/aria2{mon,rpc}
+}
+
+pkg_postinst() {
+	if use xmlrpc; then
+		elog "If you would like to use the additional aria2mon and aria2rpc tools,"
+		elog "you need to have \033[1mdev-lang/ruby\033[0m installed."
+	fi
+}
diff --git a/net-misc/aria2/metadata.xml b/net-misc/aria2/metadata.xml
index e5e58f42b404..27fefc927194 100644
--- a/net-misc/aria2/metadata.xml
+++ b/net-misc/aria2/metadata.xml
@@ -11,10 +11,11 @@
 	</maintainer>
 	<use>
 		<flag name="bittorrent">Enable support for the bittorrent protocol.</flag>
+		<flag name="gnutls">Use <pkg>net-libs/gnutls</pkg> as TLS provider (preferred). Otherwise, <pkg>dev-libs/openssl</pkg> will be used as TLS provider. Both apply only with USE=ssl.</flag>
 		<flag name="libuv">Use <pkg>dev-libs/libuv</pkg> backend.</flag>
 		<flag name="libxml2">Use <pkg>dev-libs/libxml2</pkg> for XML parsing (preferred) instead of <pkg>dev-libs/expat</pkg>.</flag>
-		<flag name="nettle">Use <pkg>dev-libs/nettle</pkg> and <pkg>dev-libs/gmp</pkg> for bittorrent/metalink crypto instead of <pkg>dev-libs/libgcrypt</pkg> (when <pkg>dev-libs/openssl</pkg> is not being used).</flag>
 		<flag name="metalink">Enable support for metalink.</flag>
+		<flag name="nettle">Use <pkg>dev-libs/nettle</pkg> for message digests, plus <pkg>dev-libs/gmp</pkg> for bittorrent (if enabled). If this flag is disabled, <pkg>dev-libs/libgcrypt</pkg> is used instead. This flag is ignored if <pkg>dev-libs/openssl</pkg> is used.</flag>
 		<flag name="scripts">Install additional scripts which use aria2's xmlrpc functionality.</flag>
 		<flag name="ssh">Enable SFTP support.</flag>
 	</use>