diff --git a/extra/mbedtls/.SRCINFO b/extra/mbedtls/.SRCINFO new file mode 100644 index 000000000..e4a8fb8aa --- /dev/null +++ b/extra/mbedtls/.SRCINFO @@ -0,0 +1,27 @@ +pkgbase = mbedtls + pkgdesc = An open source, portable, easy to use, readable and flexible TLS library + pkgver = 3.6.0 + pkgrel = 1 + url = https://tls.mbed.org + arch = x86_64 + license = Apache-2.0 + checkdepends = python + makedepends = cmake + makedepends = git + makedepends = ninja + makedepends = python + depends = glibc + depends = sh + provides = libmbedcrypto.so + provides = libmbedtls.so + provides = libmbedx509.so + provides = polarssl + conflicts = polarssl + replaces = polarssl + options = staticlibs + source = git+https://github.com/Mbed-TLS/mbedtls.git#tag=67dc8f869a2ef39b1f19f6a6d3a34965bc50097e + source = git+https://github.com/Mbed-TLS/mbedtls-framework.git + b2sums = e1baa97607fff9e83b633f2b7ea346783c61ff380a5a65accdc8100534b6b41c2dc479e465c528252d0b01ebc19c043aa3841264a87a0c8fb87a87d6b545c469 + b2sums = SKIP + +pkgname = mbedtls diff --git a/extra/mbedtls/PKGBUILD b/extra/mbedtls/PKGBUILD new file mode 100644 index 000000000..cba8dce38 --- /dev/null +++ b/extra/mbedtls/PKGBUILD 
@@ -0,0 +1,93 @@
+# Maintainer: Maxime Gauduin
+# Contributor: Kyle Keen
+# Contributor: Mihai Militaru
+# Contributor: carstene1ns
+
+# ALARM: Kevin Mihelich
+# - disable setting MBEDTLS_HAVE_SSE2
+# - patch to fix FTBFS with gcc 14: https://github.com/Mbed-TLS/mbedtls/issues/9003
+
+pkgname=mbedtls
+pkgver=3.6.0
+pkgrel=1
+pkgdesc='An open source, portable, easy to use, readable and flexible TLS library'
+arch=(x86_64)
+url=https://tls.mbed.org
+license=(Apache-2.0)
+depends=(
+ glibc
+ sh
+)
+checkdepends=(python)
+makedepends=(
+ cmake
+ git
+ ninja
+ python
+)
+provides=(
+ libmbedcrypto.so
+ libmbedtls.so
+ libmbedx509.so
+ polarssl
+)
+replaces=(polarssl)
+conflicts=(polarssl)
+options=(staticlibs)
+_tag=67dc8f869a2ef39b1f19f6a6d3a34965bc50097e
+source=(
+ git+https://github.com/Mbed-TLS/mbedtls.git#tag=${_tag}
+ git+https://github.com/Mbed-TLS/mbedtls-framework.git
+ gcc14.patch
+)
+b2sums=('e1baa97607fff9e83b633f2b7ea346783c61ff380a5a65accdc8100534b6b41c2dc479e465c528252d0b01ebc19c043aa3841264a87a0c8fb87a87d6b545c469'
+ 'SKIP'
+ 'b1f1ac09a40350c508d6019a4f937b73ff5322528285a71ce341eddacc09ac06392c4d91d754786250c724174947d3f2e9fca8f242275212f9adb4d9ecd65bed')
+
+prepare() {
+ cd mbedtls
+ git submodule init framework
+ git config submodule.framework.url "${srcdir}"/mbedtls-framework
+ git -c protocol.file.allow=always submodule update framework
+ #scripts/config.py set MBEDTLS_HAVE_SSE2
+ scripts/config.py set MBEDTLS_THREADING_C
+ scripts/config.py set MBEDTLS_THREADING_PTHREAD
+ patch -p1 -i ../gcc14.patch
+}
+
+pkgver() {
+ cd mbedtls
+ git describe --tags | sed 's/^v//; s/^mbedtls-//'
+}
+
+build() {
+ export CFLAGS+=' -ffat-lto-objects'
+ cmake -S mbedtls -B build -G Ninja \
+ -DCMAKE_BUILD_TYPE=None \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_SKIP_RPATH=ON \
+ -DUSE_SHARED_MBEDTLS_LIBRARY=ON \
+ -DUSE_STATIC_MBEDTLS_LIBRARY=ON \
+ -Wno-dev
+ cmake --build build
+}
+
+check() {
+ LD_LIBRARY_PATH="${srcdir}"/build/library ctest --test-dir build
+}
+
+package() {
+ DESTDIR="${pkgdir}" cmake --install build
+
+ # rename generic utils
+ local _prog _baseprog
+ for _prog in "${pkgdir}"/usr/bin/*; do
+ _baseprog=$(basename "$_prog")
+ mv -v "$_prog" "${_prog//$_baseprog/mbedtls_$_baseprog}"
+ done
+
+ # fixup static lib permissions
+ chmod 644 "$pkgdir"/usr/lib/*.a
+}
+
+# vim: ts=2 sw=2 et:
diff --git a/extra/mbedtls/gcc14.patch b/extra/mbedtls/gcc14.patch
new file mode 100644
index 000000000..e7d0219e7
--- /dev/null
+++ b/extra/mbedtls/gcc14.patch
@@ -0,0 +1,27 @@
+diff --git a/library/common.h b/library/common.h
+index 3936ffdfe..d8c407319 100644
+--- a/library/common.h
++++ b/library/common.h
+@@ -192,21 +192,21 @@ static inline void mbedtls_xor(unsigned char *r,
+ #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+ #if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \
+ (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300))
+ /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */
+ for (; (i + 16) <= n; i += 16) {
+ uint8x16_t v1 = vld1q_u8(a + i);
+ uint8x16_t v2 = vld1q_u8(b + i);
+ uint8x16_t x = veorq_u8(v1, v2);
+ vst1q_u8(r + i, x);
+ }
+-#if defined(__IAR_SYSTEMS_ICC__)
++#if defined(__IAR_SYSTEMS_ICC__) || defined(MBEDTLS_COMPILER_IS_GCC)
+ /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case
+ * where n is a constant multiple of 16.
+ * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time
+ * constant, and is a very small perf regression if n is not a compile-time constant. */
+ if (n % 16 == 0) {
+ return;
+ }
+ #endif
+ #elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64)
+ /* This codepath probably only makes sense on architectures with 64-bit registers */
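Review bot: In the PKGBUILD, the second `source` entry, `git+https://github.com/Mbed-TLS/mbedtls-framework.git`, has no ref and its `b2sums` slot is `SKIP`, so nothing in the arrays themselves fixes which framework content is built. As far as the visible lines show, the pin is only indirect: `prepare()` points the submodule at the local clone, and `git submodule update framework` then checks out the commit recorded by the mbedtls tree at `_tag`. That dependency is worth stating next to the entry, e.g. `# framework: unpinned on purpose; commit is fixed by the submodule gitlink at ${_tag}`. Separately, the `.SRCINFO` added in this same diff lists two sources and two b2sums and omits `gcc14.patch`, so it appears not to have been regenerated after the patch was added.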
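Review bot: In gcc14.patch, the comment kept under the changed `#if` still says the `n % 16 == 0` check makes no difference for recent gcc, which now contradicts the added `|| defined(MBEDTLS_COMPILER_IS_GCC)`, and the patch file itself carries no description of why it exists. Since this is a locally carried change to `mbedtls_xor` in a crypto library, I would add a header to gcc14.patch naming the issue cited in the PKGBUILD (`https://github.com/Mbed-TLS/mbedtls/issues/9003`) and the condition for dropping the patch. A one-line comment at the `#if` would also help, such as `/* GCC included as a gcc 14 build workaround, not for performance */`. From the visible lines the early return is taken only when `n` is a multiple of 16, where the 16-byte loop appears to leave no tail, so the output should be unchanged. The initialisation of `i` and the tail loop are outside the hunk, so that should be confirmed against the full function.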